ddc4f74171b118fbc4cfed3c7135a27966b8da14037abff0c7592bc6f59dea58

Analysis

max time kernel
1s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e251fdf4641bdfdd907a31146be813e.html
Size

6KB
MD5

0e251fdf4641bdfdd907a31146be813e
SHA1

8d61ebef38ccfc6e338c56ab495cb7192e2a713a
SHA256

ddc4f74171b118fbc4cfed3c7135a27966b8da14037abff0c7592bc6f59dea58
SHA512

4215a05a3291c16c6dcd2c2ee2ad43c9b20fe3c48625a81483bc9a6a728208990d1aa855576194eb5a7fc1117ffe407e36baeb4fc0c876e30c6c9fd498c12e64
SSDEEP

96:uzVs+ux7n6WLLY1k9o84d12ef7CSTUIp/6/NcEZ7ru7f:csz7n6WAYS/L4Nb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CAE69F21-A2B5-11EE-B16C-EE5B2FF970AA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2612	iexplore.exe
2612	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 3052	2612	iexplore.exe	16
PID 2612 wrote to memory of 3052	2612	iexplore.exe	16
PID 2612 wrote to memory of 3052	2612	iexplore.exe	16
PID 2612 wrote to memory of 3052	2612	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0e251fdf4641bdfdd907a31146be813e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
327764ff138747a0641cf666cb58794b

SHA1
1bc80778415a34c50f6f02492a0d0be058dc725e

SHA256
7eb2427a208d77db67af0d2e0fa134264a2a8232e5731d7a0b766866e77957b3

SHA512
647cd80038da3fdfaece4b42474ce0678302723145aa2e9307405a325883d11196d9675231f11df72b8a6f61f4e50357080241a11fc717cd6e6af7e88dc854dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28a8088ff4026b9676fdce2b8f7d838d

SHA1
fbec85684499b492d84bbd679ed27192bde16100

SHA256
f168db05abf2995b7a5a079eedbb6aa6952480eb783ab30ba603cf67a50e8e87

SHA512
726fb6288f935aeed19c3e2c47c1e15ad2ced3982f31ce991aecd41b9c8d8f69ad6006e2983e45aaff4039c7fc8dd09a9a0fe55d4b2178880228923220c3e6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01a8738b63fe04b2aa2b8d3848573a33

SHA1
f0c256bcb3cbf5cced10d3a62ccacfad586bfba4

SHA256
588454c1bc9f3f921a91fb89bdfd00e45a5d278a107ed8be0d48b7949d76dee7

SHA512
e6463ff6020bac88891d5a18abef5a34c406bf9d81d54993189ca65e43ce05f19b204c7bd7c7c60c11f289de57daeeabfd65acffaebb34187b957451eb6d3162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07b145cc1d8b17821ff360798706a3b7

SHA1
e48afd628001558961f95f1145693f6617cbd50e

SHA256
12306fc017d3128a58120742bf70f3e74434691e45f8284ec85da795ccea7507

SHA512
d826b356415186292cdd6245a9036f7dffeb58a2a39ee55c88b5f1ac7d779faea0fcd771edd05531244af044fa66409d6dbd7923ffe4f9f9f008e953c655476f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f82b5f67e9fb2f0e2d6704621e3ef43

SHA1
6c89b0c9f878372602b712567da6dc4234aff39f

SHA256
4d60c4c44c2bbda519fbd1e8f20e3743a2ac34f93e1dea7d496b48657b2ec0de

SHA512
2ada02becea4c16be8500840025d84f3d27dcee383f4926ca4c56005c24ec99767d681de1a1c345a7cd91710ea13eb4be136e54d32f273ae83201392205ece48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e190d2cf6dea847c9c811d3af50adeb3

SHA1
586be25f7aeff8a7f95eaf1c168fdfe734ad29f7

SHA256
01a14ab9a3fbfed88f574a71fc82e33d43a61e344961a0dc2da0ed080d5a983e

SHA512
4e96100c568d0e1b5dffbc45cfa0a7a3c8c3ceb4b89c42d80a7a576d192ad8ce0625a325962039f75d55b7f314f7903979030260126e84202140af1163b42018

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c4190166745d3e1bee2339f4fe72cf7

SHA1
1f7c84e91f06dc1070dba7ba47a4e2367421a092

SHA256
267fc18e25eaf7738febf2cfebf5e6601d6501b7796d04fc9a3c5c12d21b08d0

SHA512
c52159cdb42b7da81ba03d6dd9028f2ec20d44b3cc2eee9fffeca08b6f0e651c94f80f86361a0efa5ec47c1ae4028ec2f2d4abbf8724eda2b68e2db5befec66d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a78e31e25f2a6fdea887b08134a7bb5b

SHA1
1210efed05e1000793d52a499bd3e3d43635ec0c

SHA256
ea0a2a380f73dafa8e785c290bd3e08929d06aa4a34b48f25db72a7d5f41c54c

SHA512
2d1600fae02e327ea5f149229e8b56219e64c905c0961ed976711fc6530a7294b1efeb2c27cf651f1b171189794572b1ca1b2ba84a349e67a750d1665c60840d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54654a412a30da4ffcff2bc1ab38ac63

SHA1
7d3fd3660953770c5980898758fc697254120a38

SHA256
d86a475cff9fd9ce319a7ecfa3dbe18e629c31e9d73d8609dd114e6dd4d576bf

SHA512
301ed673a688481b691c452ac91d886628036133560449bbf19a7b0df25f5fbf2063badc1c2133a859f64c2d5e5361eb315434b9cd08e5c8985b8f56cf2dafb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebaf72ae2c372c4318a258496d7cc2fa

SHA1
b9a10cae100b17c709443d42112989ee6e041f6f

SHA256
f33eb170981b96ca9b1a048c78bc5e9a94613b50feecff1490f1f6ad7d9ccd35

SHA512
7302211f8268f47baf212e22099f2b18807009b4fbd107013642a7caee265be0b7ea7a56090e7a026f9149723ca2537ec90a3bb8dfd13d85894552ca65c5223e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C5A.tmp

Filesize
49KB

MD5
70b43da95addb4da1069d63baff5937d

SHA1
9401f5dfab2ef21144c25465d6e9e48a18c789f5

SHA256
d39e6e420ff4c205d3be74ac68407e6c8039f2a6f887df05cd325c3dd54bca12

SHA512
8ee2d515a41fd69e574d64676bd8d3c87864bde02cb020ec89e601391be423ab9fb0355e1c9d02268fa2e09ab065a072ceb4a0540ce9c726f9eeb84f9e4275c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C6C.tmp

Filesize
39KB

MD5
e2391fd2ab21bd61b838951900417dbf

SHA1
bd9b3605913aba62560f87f5a2e4177d3b23735c

SHA256
afa986e34658f8e0dc69024f550d0a03798914941a2b300b87d5f2c79e4fd76f

SHA512
1b2dfe2d7ce8355e054f5f77262abafd4e5c16372ae38b663b39dcee7b900c8db7d271ce3baa14cb48dd2084847515e8c54e65dd93cad156dcd1238bce5580af

Download Submit