1a4f4eb9ac5861340c9816614cbd4ca9545f659309ec4d7e5ef344261473078c

Analysis

max time kernel
0s
max time network
144s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

055c6d1f86a48a94d6db68bcb3e978ac.html
Size

20KB
MD5

055c6d1f86a48a94d6db68bcb3e978ac
SHA1

a855eacf2c8733f4107e1eac4a3dca78ef42df02
SHA256

1a4f4eb9ac5861340c9816614cbd4ca9545f659309ec4d7e5ef344261473078c
SHA512

f871ebdf7e58c38a4c769474ad01ae26203f5d0be288de4a81efb71c8fa78c39556b7cfec48e100bb78e2729fa3c2ccebbf2e67be3bd015b5e3187000ed7f58a
SSDEEP

384:SHVuDxUy2l6jJN0/e8tYbGpMNbYFMrlfotd8LtbHu3zvk30:DDCy2QJN02+zpreRWypqk30

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04B74E31-A288-11EE-AA09-E6B549E8BD88} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2360	iexplore.exe
2360	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 3016	2360	iexplore.exe	14
PID 2360 wrote to memory of 3016	2360	iexplore.exe	14
PID 2360 wrote to memory of 3016	2360	iexplore.exe	14
PID 2360 wrote to memory of 3016	2360	iexplore.exe	14

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\055c6d1f86a48a94d6db68bcb3e978ac.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
  2⤵
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
53KB

MD5
b72ab8e223f661963c937bd10d252868

SHA1
e965c86211bd90375ab0fc68640b8ab9342098a0

SHA256
cd1fadfafb53145956980641450d55b45dd8efaf7fc62de2476139105b110310

SHA512
794946a6103c89605aa90322984088cbf2d756ab87d68cef7a5779fc146008e0d39a6fb64859ba728358b112010eae745ac3e0e0da1276bcd2991a58cae8cfc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6a8ec0b97e99ce8fefd049668df8d12f

SHA1
a5e10a90a86c7c85f0cdf3fe115c072bddaff83b

SHA256
a33370267efcbc631a419072111da7c1aea12664f622fb02741fd7eed9a5b528

SHA512
c02d43383c22adce2b4331c336e526f7b5f31d619afd54c252d326436ddacc6df92ba65a8a9b342f843617a88a8cfcdc79a5621b8340f534a9b9c13d191ba3c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51ac1466070df62cf0f38b525285e7da

SHA1
af9ae2675b8d4278063df4d62c8b200fae75ec88

SHA256
8020f56a25ee60e1ebb964cb2d4ef4c6e2bb3ecb4c74ec9e1b2e80fc67d9873d

SHA512
399d899c5c32ba130904d087305c9f51a343bd343029cf24f0262d3858235e21acdb117ff0e5f006550213568dd5ade6f8a9853410958dbb3867f9db9bcc998f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28f9737f1c0d826d506e6a294d9bc718

SHA1
66b2f2a4c8d06074d08ff7bbf077f5a5b8856b2d

SHA256
4fee6916b7f919ddce63576444b0c33e7611671bd4cff34f80817c8d24c8b256

SHA512
9a3675a93646a7ddbca14d57e38aa5133a2ad9f5e420f12f63268a7435d23d25330f416f2b1d8243df3cd9c957291d8d0ad1078ff4ff032d007823dd46b1d91e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c717f81a57017514bf273b23b10a3ee

SHA1
b181660b78e62b22aa667104633d36eaec23159d

SHA256
39311edd7d9f7af00aea6f66cd4d90420c05118e63d8102dc67d240176e13b6e

SHA512
d76c5a6c13d9fb446c4021c213d229089752975b9a3a80462b7e3cf15cd35f96c5ffe151169f171b2bbc048f5c20e5e8f1c1cac34aa7f972455fcda49357ded2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96adcc2358919fbb4508d8fc2fb9aa2c

SHA1
0083ef0594193fd904ffda723bd57edf6ee88769

SHA256
ff0b2dfb46fe6025dc117f1d25898deaf8f043b3053c3e263f37ea5253800613

SHA512
60dff58c4f476bfd010786c35172ad8713671e7acaf93fcb63cf0501677343fa1d7cceac3b9747afa5787f4df548d6f71105f4b1dc3e94a4dd97c1196bf228af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2ccdd764b7df1a199f170aeb05d06c1

SHA1
f58eddc098698f73980f4023cc3710755009f369

SHA256
f6b23fc42f3a8f38caf9a3e737c4c758d5bd35a2eace4b42858248a66bc97ac2

SHA512
4f69f41659597a6dea7fe8e8786780d1e203628cde7151ba50f7a1c47eb8997cc8d21ec05262e9290003a81b45e740f90942dbe135ada14ddb6074dc393bd2a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41b73b1ac0101e3d9d4ea93361fbd1d3

SHA1
63b9ab7d1e70e36f88c4a7dea1b21db64863f9e5

SHA256
15781d09ed8f94402bcb3ab2592cb076ccf14f63b0b8d7ec18970867c02497d9

SHA512
1537286a15ffd9e852577929fc4e63aadb4486401627ce7470e364138f37364582b1d9eab7f05ec495a7d8be57e3651ef27ef28ea257aa95df5fa9606074a9e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ca60d546ea82a08d69d7b87eab74d42

SHA1
7bcc8375d9342606b38bff6d1a660e1a4c962109

SHA256
7917ce144231d51bb888b70fd1a7ec3af1734294c6993b7f463af0c6ec8d6c28

SHA512
d363e0cd762921fae9de5ec966df3e9575135bb0617cf5835918a5ebae7679d54fdb0a93144d85674d298562eeae3d4b33e2cd0ea30ab0d37061eafc661e3e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21ff3c8e3f2fd9bed7ab50934081f4de

SHA1
50051dd808370eb7c7f2ab40ba1061a1bb7b5cf4

SHA256
968b841f22d611881ddf07a89331583d2ff7dfa3f2a19d699d7e0f284f0f024d

SHA512
db2f199d3f1e2075383076886177ed017f2a7d22e7f9c9be9410f6402efbe2752b41b26a384fdc29f69d0acb9133028150d033f80e90b7b81f5a3a009975bebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3ea7a401b2d0119b1787ef58ded60440

SHA1
364227f406d7a488f12b53f157bb3faf34ccce3f

SHA256
e4f99d1aea24c27ff622234da1a970c0e9bc19872e3d459912b8ebe7578d79d6

SHA512
4049d24efc8aa67da9a77001f85e2287e166ba9db80034b7c7f67a0a3ea4032248b0150439c88946377ddcf4e5a0945eb178c8627f1931cc2ad29d45e03e8e4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5FC2.tmp

Filesize
61KB

MD5
739d9b0c8f2047ac6fef5b75e652e7d2

SHA1
48593024e18ab47e817b52e03c5ac823430ab1c0

SHA256
06e3b5b6a68a3f9a7bc85b4702593f7873394a44deefe4fae11db86e904db4c1

SHA512
ffe704e6579ae014fe6feee200b482e4c7e8b8a4ff77d89f8690033b6cd070565fceb91f1192feea61e3a7903ecc054304058745ea80215e4dc01fe32d775ed2

Download Submit