e02ed727e8accd43f63551eeadaefc22541dd796ef619df10b431484390dd24e

Analysis

max time kernel
144s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

070e67f25e3ec344c9f47db2e2bad145.html
Size

43KB
MD5

070e67f25e3ec344c9f47db2e2bad145
SHA1

468e94008be58c780a179ce34c3a7c9cf3524eef
SHA256

e02ed727e8accd43f63551eeadaefc22541dd796ef619df10b431484390dd24e
SHA512

5267613e59c2589dacdb7a4347c1d15e399fa630cf1ad79e717170454bce729dc07ed9c8aca4f7b403d86a999ad8b4f997f34438307fcfde0abb20fa2035805b
SSDEEP

768:Zcd9QZBC7mOdMkXpC5I9nC4klJyr8bWwBwowfZwsPd:gQZBCCOdb0IxCVlJyeWwBwowxwsPd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309238039f36da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000475f48fc976e17b874d745361586fd1bc8436c8c778fb9e1317b578132553163000000000e8000000002000020000000749e2494ea496d5d1c86607f06fdf82343596f8e28a3821043962b1ea93e4153900000008e141942ec175f14c2b45c0d055ce38c0a4c50713648f1be8bb5347413014b7482b38f6098cc0ac76ec4c5ed5b451bb9f954ce1f3d737a9018a9599236bd51056daa528da41c537205e49a0ca651ef3c6e1b42e22c7af1dc408b7a3cbc858555c99b12f3053faf4c5139b50c265d1bd490b1e60500f83bc9670677c4041dfe096013a73549923af13258cb6382c8bcc2400000002473a0df058a46e89058f3683aa355b99f3e1b5c874583b9a18c6578da1784d79c78f1046d3c88e32a1d2bb9ada7c3ca59bd078c28823645de84a3b527151126	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa0000000002000000000010660000000100002000000082dbb21f38d21fe58219ce8b494c15f76a9040f521599a314d5efbb82c0bc6e0000000000e8000000002000020000000a77e3cfc320da44ab8e9f10f2442a4e15eaf6000f5a615bd2a98a447da860a67200000000f3a5654761439644c06140a5d976bcd98bfefba3923d6e65ade10e6c40a5d09400000006268215a3fec5a23202c1507aa5da80727769bcb244478d63e7038e948174956d5f177ce741a00711aa6815addc0834b441523296aab51db3116a3673aeedcdc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409607743"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0325A621-A292-11EE-9792-76B33C18F4CF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2496	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2740	2496	iexplore.exe	28
PID 2496 wrote to memory of 2740	2496	iexplore.exe	28
PID 2496 wrote to memory of 2740	2496	iexplore.exe	28
PID 2496 wrote to memory of 2740	2496	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\070e67f25e3ec344c9f47db2e2bad145.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc0c1ae9908fd594e28bf088cd1b8036

SHA1
7974e5f8eb7b52522cca515ade6b26f9667f4283

SHA256
5f0be8b1df5c7d217f49779bead7f88f1d9a665334bc6be5a44948eeff522ede

SHA512
0931e1a7f90c8a3d9ff3e9d97aaa9d57067c0d3f457b9e104e2adf0435221c5f11f537e2d47878fb483a98a9123efa27b2843cbd619ff74249fe240135772b95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bcd6d494500001b5596b2bb2cd0db63

SHA1
5f61cf4b955f6114147b1dec69e0d716927f7ec5

SHA256
7ace173d47f2ef8fca6799e74e28fd3b9b2d3a93a1f23aab6b35363222884d9e

SHA512
bf9b5711766a799c037cca81a6f0ec7a1d32ba3dcb5dd776ac53d0833390348fb75cfc67e8bbfd6fb21ba6abfa8072fd61009b316cacbca6c1ea748485c62a60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d57af1df58fb9b68ff308cbda79a7453

SHA1
b05d745514656a0308adc7c12a780e8e84fa859f

SHA256
ffb3d97c6c339d765fca439fa43e0adcbdd9bb930ec799bc30d4e6462aa7ff1f

SHA512
4834b8cb840588bc733472bde867ed988e079ed50194c824525cdfb9504e94b57a8e51abeb0961a7645d0637be32cf407bded4c199d378fa5591f7bc70bb4bcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c013847e8a8ced7e8d3eefe74d20e591

SHA1
00b494324d6174bedab437af0f546f8308c4d617

SHA256
8eaf730c1c80a5eab0240bda6fa16d2ee593ff63af867535fdbac288c98b84a7

SHA512
6772e32ad6fa3c300ad2e5054a8231cf617c1957e44972b6896649cf5f720e496d2758e21489ebbb185a64a008d764ec7ce1459200a8a772a7bf41cf11c807fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdbd5a40814f178935fabcea290cfdc3

SHA1
afa41ffe743f983ed34638a2f01978bf8e907761

SHA256
38f9dbfbdb73f6ac7ab2321a19c0e61d41c1d761c87258a14056eea07deee010

SHA512
58e6170c086290d0f7ebaa486f2a244fdbaf79ac98703dc55dfae1632aba822262f39818575992bd42b44db931ffa94acf45ac8bacd1971cfa60450aca1e5df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaa55a51217d2aecef663ec3313b06cc

SHA1
4797103463ec27152d851c315436a4faa40082cb

SHA256
2ac5c3f9fc9b3b4d543db9cd90303ecb9b48fdba3af7bc8274c10a403fa9e8b7

SHA512
3a81c8142109afa4d0b3e83288140ecd7d70b38e031739330be3955c285f5160d1e2eaaad5472c4b9551f86a8502cddca298eb4ea8c0d702275ebb57c18bb908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eac0befb76be2aaca14884f6544785d4

SHA1
62d8f743d065afb18c7f994739e9e3c8b7505cc1

SHA256
50c62086f5bcce8a530efcf4c2713443feab79f1b387f260ae4547e4d237ca42

SHA512
69f81f4ea3be259260c7c4ab66367a5701ec2fd8c35c7e53eb39acdc592889f0c212f30d397d9b810cb6d3cbed5a5d94d2952005406d1ab36ad4db74d938d25c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef0cf816e4cfb6c104d30910b91e1605

SHA1
dde71cb01edb784909cb093a8ede4b8bdc9882a4

SHA256
5cf3ad053c5ca4cb613fb1d8fd55e8a16a68308d86ead2a218acbadbc6c1d10b

SHA512
f9aa40908cddb11fd68d84cf2417aeb11f1ef7df5b11287460af8c890a66fbf758b71ca9c862c0a9f825a74695670d67f8892525e474fa4fc60cfe5d9fb30137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14ef12c21f3bd29119986ba9dcac393b

SHA1
c3f758409200b2a0346ca147958ac27783b48732

SHA256
1af3073a5b8a1866db77043945646f4cf572ee7cb2952dcdee3c05db596a573a

SHA512
8aee5bc8f0edfd8bb7245e0a3de9e4d743147c60ec40fdfe78cfd67fef104bd7a3cd0850ab5e4f46af7a9e9a907f33a61e166a514596d979a2235d40ec31ca64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef641d1f293d326677a7e363a2f300d5

SHA1
cc789425cf5338bc58c21f080fb1db12dca70a76

SHA256
79313a73ae1cd8b5a2d477cbb5b7d71dcc133125f65837f151fd392f44bc5ed0

SHA512
b869bfbab2eeac614a559ac67b17e9dfbab95b76056af554a0e2391f06dce79185dda9a24ac19a5949c0094970d0ca4e354ee5e6ef0641c4103462b0fe911ab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee1b6635c3337f905196eb1da7efb87f

SHA1
9f88c48f5b6b099deaf27c5b176168fa3319cb94

SHA256
4ad1315ea0a97c4035473851dc60d50dd02b4f2dcf53a40d194108cf692cbff6

SHA512
64d6f7f5dbc223d4afdd17aa118470f97ae42e42a8b24670cd8bdcd6a6d401c322bc300538ffed7a734b4f4e56e84f0ef727183b2c3ed73086c23af286fc6923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1293e4f0f6418c46f78e7dd48b516cf4

SHA1
a895eaabb56be79253d13006fbd89463b32e9d08

SHA256
8b1bf1cf7bf547f5a3f109ca3aa3ae07a267a1849b446437df043dee6da43420

SHA512
7d98432e8ab7ebfe462fcab2cff4ddee6ec7298e08f22a066f3ab0c3389ce69ae02b39bb625464e986b6822406099946da0f45a444b438e2304cc4f54dc13b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e658e816e3829be8ec582970fb8bc1a0

SHA1
a782e177427f28a1c674d5120a869b179ddca218

SHA256
1ddc848147689b52e15e1d491250a02f6c7c3d465d95dd0ba76dacbb89c5735f

SHA512
eba13d71876384a43fc633469f83a3de2272098a6db186081cdf213fcf5f9a0ef8e9b6aa4ae022edb868907a3bc2b98c92bc1d514e62b8115b553fdc7e446a72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e37dcd423595d41a42609f5be20b0242

SHA1
b5e89fe33c8bb3a9058d55cfa1cdfbebee3feec5

SHA256
b0b1e6c85841c4a426bcb201301fb63f634702789f2652c000da068ce494539f

SHA512
85cd487ea8194b1095bec576e871344bed5e2320d8b1ca8954d5dc3e6d005c432dbec06ab7e8f4737931323664ad3de3bd6b0c9c7d24115bb4a9bfb5b2062b57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e87de1603018e882dc75b99c9a9904e

SHA1
17eb7bcab85d3f5de12caefe927db5d75e786b83

SHA256
b3eca93cfd178ea491d09a6c5d76be35a4abd379968e69338beafc38eb68a6fe

SHA512
21873eea4625df0da3c75f73f21adbe185cf541fff69f119bccf178e639b72747a556451f6cc4a72f3faa1a19554416d4e4b7a09e93b51374e3b88dccaae5694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db59eb44a813586a7557b501f8de8090

SHA1
ea12a0695c2aa85f91b646289acefa1d5e65bb1c

SHA256
ec1c52417cc7b683c23c5b81d03fc99c54ae2299d294776e58b46e189dc8226b

SHA512
f499fbda5679b99d427c09e02e86f2047d2aef1af172cdd963ab908c057b548db4142eac17e5f0796e2cfd6c3710d72fc672392f5a54fd9b6a1e6cce13f925a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7503.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7DBD.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit