118960cecec19c077a2afe756a5be3f81fb4df7b4ed3a5a3e9e73c171dba3a62

Analysis

max time kernel
56s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b041f9e00acfa32f8c9221672b66e13.html
Size

3.0MB
MD5

0b041f9e00acfa32f8c9221672b66e13
SHA1

388ea21a0195bf5795aa7426a7408d4b5f98084e
SHA256

118960cecec19c077a2afe756a5be3f81fb4df7b4ed3a5a3e9e73c171dba3a62
SHA512

4f7900a6718568c107ee324e7cb5615e5c575303d5922871eae4b3db8709d5b77ced0769437d6e089983e83d7edad6542fae86dfd61263344c8f8e4436f6046b
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NqS:jvpjte4tT64S

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D050721-A2A4-11EE-9FF3-46FAA8558A22} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2408	1916	iexplore.exe	17
PID 1916 wrote to memory of 2408	1916	iexplore.exe	17
PID 1916 wrote to memory of 2408	1916	iexplore.exe	17
PID 1916 wrote to memory of 2408	1916	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b041f9e00acfa32f8c9221672b66e13.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18f01c58fde9869efab25f7f69ac7c6f

SHA1
83fd78b54e8bde6ece502874d245f1e4d56ef908

SHA256
392dfc0450f0e61a1e42659b0efc3695ea71028e58bdafe27205389c853f53bb

SHA512
cecf2b59af3753f59012afc23e3903245d8c7613ec590713b7902cffd5d9638c5dd74eaabfb392d1b3b0088a9e1d474fc41b31e4b30b20c0153796587403a7a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75c839ffe9a7f19b2a047e1fcac24087

SHA1
79df709fbcc5da32a3e43ec0e976529f07615487

SHA256
04bd66813fbd8db33a63f4190babf225574caca023898781d03b79a7f4c0a8ae

SHA512
c1eab0c1e93171ab5a33f134ee4d4c46a3da2a6e96b4241ef061cb2868f5f10571669400989e9c5ef8bfca3e6d4270b1ed166d4e4b806bbf7f32e314798010c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b66bb1b573e3b9ed1bd6d073057d129

SHA1
1d9381c0a10d3b8dabb0c373d5cb1acb968ce48e

SHA256
5b52468d7be4421d339254266b96421389f5b87a2395148d43f466e210b93daa

SHA512
f2a55c5e914ee018c459e99a07391b9c645d86027923228058e7bbf9d770a9585f71b5384918e69aaf820dbe84f926a62850f0f39d8e797ab299422afbb8d908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d782ab565a1a1acd7f91cb6d288c5dd

SHA1
342cf0e9efe4a50189e37b2802eeba671ed624cf

SHA256
10a4fe4ca749979ecfb2a4527f186bf3269e06a463b382899bc112bb538ce217

SHA512
233d01f7d70728ce937d0ead5e739bb219b319570de570ad736522bc695b78573c6d8f1126911ea5cece4e44c2ee559c739eb8e89e7fd261cf83afb5bc76562f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50c9def720b99ee637adaed3b5f65211

SHA1
1a3362a4c5dde7cd09f416416be1b98731cb12bd

SHA256
4bc2505570a209978767d2fc7cb8fbf0bdf74d0de242027385f9f099f25c5e3d

SHA512
577d7f142874f8434d150d84c53e7c5b4c209aaa571dcc1356c583fd98998dbf28c207262532a1b208c0ddf8deecebad706b481b21ecff41b24fd718356802a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d47ccc2abe98300fdc9dff1817cabc4c

SHA1
7fdf1c767276df6c99723a532306b5973b8fa9ed

SHA256
fa0885861ed4568b7239156fe76aa53ea115da242983b2765e868f49b9a7e13b

SHA512
c70ccc97ea68c43a890e76c8a7da26df09ab5b6f66162d5d5f93e804aba88a23c8a4702c79b859cc4bf8308d0e2698a63b0e35d4c04a1ae41541e503d4e7d7bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c14f8e8cb665c9930d3b106723c65053

SHA1
c129ad10d72255a9b43813be82d83739dc71f048

SHA256
e6cb818d5d56a45f64244db7b20e98457e4e977f74ffb2a7ef64dbbd8d23d001

SHA512
0890b5f4b5192cbd8f9135f6bc4dec1d36248cc15b920323502e9ef0fd38972f0c141c0079ab1908b4249a3ecd943bc3c6c41d003a11603f0a2d36056b87110a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b425aa80fa30062d523e56a2bbd310e6

SHA1
28ce11f793fc692e0c7800280e46bb527ab6beec

SHA256
c29f17fef8ed2da315d1c8675afcff6d1db6a38d99fbc61da0b8b47426e9babb

SHA512
268a211038112cc30ce8d3bc5111a98c379a060b0da797c1607604f8cf7531a2306b06e750c945f8a4dd4016d1ab5044b1830ae811378c2d29f144d37b8b3008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
824cc6952e8f1e4289497815ec6014b8

SHA1
c1cca2eb0f9a8aef9f021368414e6f0d53555d51

SHA256
f8deb922e78575d7ba015e389b096882e510fbe6096d18086ae1628b630bb2fb

SHA512
06b2a8af30a4f1d84479fb1ff52eed037970c316f27953641c6aa7e9e5a6b96435218b474639de633c33d66cbdb53a6e3b819a86a9a258cfceb5e39fa841a50a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e28bd6cd5526d3dddbf18b7525daca4

SHA1
1b8d7e7cb7315d293da3f588a640397f937555ad

SHA256
4df56fcae13d745fe53b5fef6f9581e1e76b6186045dd651fbb26b105fda290b

SHA512
4924373f970a703e3fc000a6dc359933a81fab682a374ace7aeeec933a077dda48ee82c12f82e65abdb410d43371ef533c3446cd9e1235898caeac1eaf606e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22cb954a5439cfc731f628a5b43ab8c5

SHA1
547cc8c4be093b8a6cf274eae7dfd80e6e05ad96

SHA256
a57e7eb44621a5bb9957caea94347c4683ddcfe85cc418cb01b4480e9169e46d

SHA512
4133165b32a1ed7f63a832b39ce1299ca3307686c4ce59805b8935369dbc1c1f42cbe076f9ef2113b06bbfae8908967889fe5baec158fe4727b844dee11f2a03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
689ac56583ef990f19319a47c2f9a1ef

SHA1
61adc5f7c94d3277d9374cd7a5177a5ea2168510

SHA256
09ad406b02bc8285c82729b075e2eba1125c86b3860c4aa5336b953033ddcc53

SHA512
a121dab36e8cc58f362317f565aba571a8bd388db90db0e09ad0ada1e0031de1033c601b2c7798bf16d9ca04e91d182e69677237a8b5246f574305ebd337f439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
815020c46ab028fadd461cf97b616814

SHA1
fe6d13bc1ca3ba0c883976fe29a42e566e1c7cd5

SHA256
ca22f6c8fd1f17a92a96422a4b7f2938c0b0ff9c54a046297eeee1b2dc5ff41d

SHA512
b51e6d24897c3ba3f98245aba3e76569280980c8b44e074c10472e24b77b1e2c9e9ca623ccd4580b87375bb99c371830f4d7df6261545a76fdbfc62bcfcc8331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9b2b7b4735cbfd1650db4950d67d5d5

SHA1
8d3a944ee4c46d0d0629367f0ad06be7db503fb9

SHA256
eb9c710eddca373aeab97fc0e473b33158e85f40da4c1ae81742d76cc6c44676

SHA512
3549f93af4f79530c37162d5925603354b1025fca01e8dfc3265bb3a8cab61678a070c0b1a3c88e42723a87ae39b3b2bd6b15e96f08dd7412a8c3325e2da0f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ea7fcba1d750195b4492f0d5407cc46

SHA1
57da68e551ba817521c17f955f803de22e144f42

SHA256
663b103f4076a16de479c6d2f218fb115d1d5e7b1dc940df36c4dddd0617e598

SHA512
62623eb806e039ade4bd7e11db42868afc60d572fedc1229583c3d4ca184d23160ace10cadd728a294b233559446602afa43cc421e28e8780141e9b90795913a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a885256f7ba6eb1accf0b11514ee8b04

SHA1
9152c7b58e149bb52a3a938219a5bd18fe64af08

SHA256
c7e0b19e8d1de44dd61fa4f37c04c7afcb43e313c2355c1aa5d04826bea59559

SHA512
32b3af4b9a0b73dd3230a1dbe02f4eb8a40dd15ad3ffd2d5d6a31eb2adcef2ad257e6733ed78fb236ee763d3312b46aa065b46a3fa1a201338eecc781df00b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA8CF.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCCC6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit