73b2222d0d2bfbca61117fd00ae8c20887c4e12875edf5d9d3e248888b75d6c1

Analysis

max time kernel
120s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e8fb6130ad36b18cbdf4c2f9eb73aac.html
Size

36KB
MD5

0e8fb6130ad36b18cbdf4c2f9eb73aac
SHA1

5f0f9876e80a50c7f44d43aad888271c3a8ffacc
SHA256

73b2222d0d2bfbca61117fd00ae8c20887c4e12875edf5d9d3e248888b75d6c1
SHA512

1487a31061adf50f9bf949151b12f3406d64f0afae47e97d3e20712972e11c8a9d578a7af3b9b3844e40e35844816823fcc263ee0965eee33f52ffed8860b75c
SSDEEP

768:hWAAFV9L+BL6w8deGV8cevv8rX86fLx8jd8ghY8N6J8CcK4t:XuV9Yew8dem8ce38rX86fV8jd8g6r4t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409623998"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9765001-A2B7-11EE-A2F4-4AE60EE50717} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d28cedc436da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000941a756976e44ca20ca2d9fdbab5502e7a9fa905f0ca2145883babeb99c3ec42000000000e8000000002000020000000e46cd2c0317ff5898123f2ea19b0fe7156a1d12c4274481cb97c005c542957a9200000008c30186fca94188b50ff8be023b1c0358497a802eba336919d1775027b021b14400000004e0d1df55450d32faea651c8aa6cfabd45d121713853c4e3223470f806df3ffb3bde58264a1044e2315a4a6b092efa6284f2e0ee2f263a610fac18b12c6b874c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000008560eb3925209848bf79db838d24a644863459c60fd316480d84d2be1a71e444000000000e8000000002000020000000fc51693e47d7f302941b5a87078e3fa714afd67a6ce757e1c4f4b7f0b3c1860090000000a83907a12d234a7a03d76255a0f0a758daaf9ffe2972567396bd9ab4b011eba4690cfa978c845eb09f1b80b91bc54e99aa1fb1448c9530436666c4d7fd634d2fdc0f9c53a4e525988b7f17f69f136084aa6ee3cb731ccb4d835471eae794e6ef1ac418e4a5d68631c07286ab382413cb41ab2e2a586aa5e6140775de317041e36f97b65812f9ee090741c41af32dca66400000008a5f22a51fb4245940844a5b36705343684a663cc439515f83f1edd27dbb54c40d63a930308eb9c9e7962a6a0da215ae2a34108f0a9c5f02109c71c343898620	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2884	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2884	iexplore.exe
2884	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2788	2884	iexplore.exe	28
PID 2884 wrote to memory of 2788	2884	iexplore.exe	28
PID 2884 wrote to memory of 2788	2884	iexplore.exe	28
PID 2884 wrote to memory of 2788	2884	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0e8fb6130ad36b18cbdf4c2f9eb73aac.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
daf4db386a34b415f741ee4561ac05f8

SHA1
3c49a4133ab3fa06bb181c57df75a5d5d59390f2

SHA256
5548e477de864ac0a342f3eb9f3349fbaeb9bc6748955bbc62854449051a6a70

SHA512
6dce03a054d6a7173e1bf36cf36d240341f9ac2e2f81b19cf4315f9469fbbd41e922902e61ba2e595c5152600a68b4b1fcea11baa082c7e6e000f92539587db6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
181b1e22303c73fe90ae1be8c3c050c9

SHA1
7bf7604ad66134b89ef7f365de482a0bc6982ffd

SHA256
d5d8024f5fa7654b6f2b17bb3bebafa314856e15d54e8363c4c0cd9f2b7f3cdf

SHA512
a605861cedc362bfaae384c6810f42ad8ecd01633e53fe368e31b9c60a3837fbc033f6e2974cfd16886be6857e4e95b99571c4cea12da28a8a36007fb7b8a23f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27bb233495f300c7883e1be9441ada5c

SHA1
da9304209900a54d0c8d4e70be82054f7d4544e2

SHA256
2310744c6716d9145c930c9f5e2c19608015e9f8ea6fc82945b5a2e3643192d0

SHA512
89c6d478cc8a2f6617a33f4e7cb26375c4d6de5cc5b44b762b484b87dbde9c07810060e63b439caa0c9e7ab92bc9ceea983863eda83630f6037351cf9a2026b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8feba575bd1782aee097edb1c1dbed12

SHA1
bf26235543162dbdfa0cdb029f5fa850d0d48e24

SHA256
2a620b026a8668fe1aa9130549c677fd7c0c5c3bf1bd9a18eb0cc329228aabeb

SHA512
7b11154a4c458ce70465360b640f886e40aec72b1246e54a62b0b139f689b86d76efa24347230803d84b04e902bd21cabd48ab106d8cedcd9d9eb2af978eb517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15cd409622b8d72e097cbd099db1e40f

SHA1
6ad0d8c335122dddfe0e8a6f29f60a0111acc6d8

SHA256
a30221892230b15f388aca3d6e3f56e2e59407dbe84756f9f3977b121e596eb4

SHA512
cd16265ba001ef8be67641e23b0e80ddb1f3218557e1e14194cb9a459e0787857dad0f80531a036946c76647becaff4db581485914e4eca63c46a2c0c5304a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acd79fe349fb3c81c307ec0ce8b7581b

SHA1
3cd7e75d130593a6b492065ae1afa17ea3cba022

SHA256
47ff025f12831cf211f66fea6d7051d3e0fd8541ddf7a6f2f9310e5340fd1c96

SHA512
2a6d0887b6045b5268d506f2e45b6a403a0a0018dfc15487e5bfbcab4d055ab59c29844cb0759ee951545db4a325cee5f9d03787f8120fd51424a0bec2517d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3ea9aae99ac6fec32c6e00856c80821

SHA1
5f2323be27704b7c2f7cd11fcb6e44aa4ad51334

SHA256
300781b49cc238f906605630195c3027bfef112706525fcf9925ac3d953444a8

SHA512
32915b66b460019742b077fc048c8e248f4b5a7309297f84df96455102febecafe8991a3dfeb749ddacf68ce2433915379a31748b59d5d8c630e5c8cf20cfed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf2aeb311ab311a76f344765cc654679

SHA1
f7afc826dd67b051530014c83ec8fa9385a9a5cb

SHA256
0dd9a8135790a5bcf63e3e2ab6044210b95dbd81a6bae3886a980fdb2930f9ab

SHA512
30be595d550e0df213ae05f053eda5087e869595886ab7b3bd508368cef5f556292a39787fead4c18900c7765e5ce42984be343d5e23594a956c847463db402d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e092ce045cb5ab36509ae38bb0320e04

SHA1
9c26fe69f0856a8841d6be8d603428204ba8fa8d

SHA256
4a4a132cfce9e2d36459f86b92b5b03561e83c69934b22ffb1b05205deb3ba7f

SHA512
41c4caa73d02e4ed9ce2b7a4ad1cefd52b5078c61d32d22eb1c62be892f2668db6e9c984b7d9737d6779f45b229455a6977c618e3ba61037d28058c5d8d134ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e6bc4ad28b5084abda62fd09d4b6034

SHA1
e59dc60d1eb3137d61791fc4c877f4a45345d2f1

SHA256
acf61b2c15966067bc798a0f8a2a593e346007296f05bf0d3146b2c54d7128b9

SHA512
7915776e27b6b1198ae80b2a07a83369bf6dc1c48e1fbae6303bcc304872c237d3e1d7237e0e05c92727c462cf20dd98c97116333c7ed03dea7d7486a71863d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cb00d49d4bbbe14743cbdb03e9f674e

SHA1
fe43a38d8b5ed46482775eb1d0ef46c82c9514a4

SHA256
0989f456e40d9b2da2164fd7e0309982ed90a60af2f2d851578b4f66b191a92e

SHA512
85246b0e811d4e81113dce144ba27196c30d28f8804b5202d4f8e6103bfc8d8556f069d2cd31adb8519ce69c213ef5c859a65d7a3746da67782c41c21fbbbf84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77dcac1dc1495ed0995282bde97745c4

SHA1
b58ef8c94f4bed4f69ab52ef89ec0358e64e193e

SHA256
cd60be24a0b1625b825df4108b90d3273ebfda15fbc9a5758728429ce98feae3

SHA512
9c63e12c0f7cef8cc483aa715dd34358bfc21dc846f3f5b8e11f557dfb1317e4d258e4744d356fd6da72bbbb3ceeadba3a437b2f995d7831f0fc61238ba76eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6d7c0838d4cbab0926190c47314a256

SHA1
2b1cc0625b20bd9702b2dcd33a99a422b85e5b10

SHA256
7cd700e3cc629ed8c475e524e12522dcb8ca8b5ea6b1b66b5e6bd346e2d20d1e

SHA512
9da8e00fdb98dbfe556d428f157886cd2bd6b6cc39fe1d655f753f23d8b7d471b75acd2c7a7a1fbd9c2ee8e7336ce002e3dc8589ea7e25f9b547d5574dc28575

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
932e13143e121d7b0de28f2572919f2e

SHA1
331515a6ab3a313714b2ea05e7703b0a429f5ac5

SHA256
e77c70c1a4fe8ecef70dd7c2a639aae185a093d3494f30771ee0463e3f965649

SHA512
6c08ead094fa980f3694f9a49b2e4d5980f91e428031977649c82b978c9071eeac371ceb4350727806e93f8d34ea6704b2edc39b86e8fe2eed6513ce6e558c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89cea52d7b7f4e6ef6125db7dbb06439

SHA1
02486ed6e4ba5e2634a175e7e755d6062c83ee28

SHA256
15876c2376c953cf0e0fb90a422ff865cee66306eb7203f4bb88d415ad85f605

SHA512
99750e97bc63c40f926a175cd806b5372818a8a79092dd095f3323442d88e131de6872ec482a347a35abc7feaa059bb34e56499d9b5c808bc7bbe0f1ad3d1bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BF5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7C94.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit