4722e64863c9e65e332c9bf257a5537bd0f004f611b5327475fb58ee5aefec7a

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eee32a7b2a282d1df82a5fc5115d592.html
Size

430B
MD5

0eee32a7b2a282d1df82a5fc5115d592
SHA1

165a4eb010acfad29f2f6c81feb99e3ba20fa3f1
SHA256

4722e64863c9e65e332c9bf257a5537bd0f004f611b5327475fb58ee5aefec7a
SHA512

aa0b5da90a0679ef834ccbb9f606ddfc83e8ae5dba23ced6067e54debbfe9d970e4d827ce8f7fbd880db50c438fd5df556066c156d83610b3d7c6a4706d63685

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7013743ec636da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000d99269ef4da6a3e601eb134933c950bdae9e9b836c6d379247192a104f63dc80000000000e80000000020000200000009d72aef1497bfe07aff536de890145d53981a727b672910cb23187a1c73e987020000000bbc96a99e430a9ac23671589692e69149849bb3c61fd3e5e9547ce4e307d09704000000092a51aa7d29472ec975dce5d774cf5c5b9289e71282b91e211f717a7db28e23b010e7d69ff8bfc10830aaabd2356b0e634e014d1c2ed33c4afc8a6a65695b434	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409624677"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7682F741-A2B9-11EE-8CB7-DECE4B73D784} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000904915c53fb5f4e1f36cdbd1a6f015a48fbed828c20a4aba53ebb02d77761560000000000e80000000020000200000000bb470dfa5ac8c47117ec7b5081ae94fc5240b7841f2eed8048103e12ac0195b900000003e3dfb469c8a45fe27f39f7bdee6a16a1a37b26d2b0b91491000a5e4287ebe0610b7b1ecd8a8bb566c747eedd1db64ceb6953219949055b3de924d89ae10ccfe62505aaa80b85af16c773034822ff6964fe73fc8c62586c89b4f1df2bb44dc0498a5b856b1a40d90e350953f0a9ebb955c7b9d06a288616d10f6978ed6bed96e6a850ca4e4a34398cc40fe7af54c229a40000000e05e2a9ee16e7c504fd12f153a056efd8129621b2dfd934c40129b68f04fea9656d5b9645aad6ef1b27291d7202f34284f8827fc24d70436ab71739ea6b900be	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3016	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3016	iexplore.exe
3016	iexplore.exe
2236	IEXPLORE.EXE
2236	IEXPLORE.EXE
2236	IEXPLORE.EXE
2236	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2236	3016	iexplore.exe	28
PID 3016 wrote to memory of 2236	3016	iexplore.exe	28
PID 3016 wrote to memory of 2236	3016	iexplore.exe	28
PID 3016 wrote to memory of 2236	3016	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0eee32a7b2a282d1df82a5fc5115d592.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b238b6042febf8630bad060a06785ff0

SHA1
1b83123cf4d741a417dfd48a1a058e4834b1e36a

SHA256
3c4ae143c51ba9e07733cf9bb9fb7238cc0ec029d920e81475e6deac994c1d8a

SHA512
70d43fab84205d86703e8ae032ee105806938cdce41f6bab02783cebdf24ede8d426b5d73d4717b18e23a93b32c1fe94c944578611c3f7ccbbf9f0b6bf3b2b37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9733deada0ed56e01baba475abf94ff9

SHA1
7c2adee37e3c547f07e1f40615a2f6bab8727d5a

SHA256
ec3876fb893495556ad5241158e72309db7d07da09e39102dfc82555f9d1e176

SHA512
0d83bcf9ac7a8cc10df2b8f2f733b7c12d6effff966e73acf517038fdf55609e3e15c228b8c993cffb7431618db09b312806b9063ff48d99401eb7f634902376

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e32b1443cdb68f515ad1f8cf7a763ea3

SHA1
ec071594da4bb9faa55ecc8dc0820b95b055de12

SHA256
63ad3ab185df96ccbbc96e9bed1535e23ec4752d26fd465c1d1b59125bb9021c

SHA512
517336172736c2934ff767c1f820c422f18d6e965cec80984be434a678f7da4f87fd3fca43c1f7c9a7c1073e7448b88a8d3c1509baba447707a45ec70b8fe388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e9b383f59cecd05c1d6337809ccbf2e

SHA1
eed90eb17c9d3803e85b769ee8a535c99db90d8e

SHA256
0fd40181a329917e54ecc5e951879707bd6901a8cf4b5a6ee003163a4d3abc2d

SHA512
ab497c9d1e397ce0ef5130b4755b22deed441b0c1369ebde017ea040fb0e1470e28118f72b6cbffe857f396eb5c6c0f61948aa6ed2231682554d145ae40357f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34bf3c968100817143670aa668dbc5af

SHA1
f784f9af399bdbff1178ea97a1599d0a8e05e432

SHA256
98280747cc95daa6d949a47b3245447bf2c636a42781ac141458ba1008b3e548

SHA512
18b1c1d06e1efa360e5383ef4c9ef3e0dc9a88cc9372775e91477a775608ce0540b7474db72549d624705c1910f61970b8ae01aa047e99a2bc343dd9cef7e326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
568ff1a0b39082592d79e3bef33b1ccc

SHA1
bedfd39ab1c2195ccdd6267e68ee8c87d91d504e

SHA256
fe3262ac1b0aaedeb0b70ca9ac199692c678d94c6274e9f3cf9e40ea737da4b5

SHA512
acd4792759943f7364892f4fc8b89ec785f69a3b0bb1a3acefccc7004a89eac025db6d05c467ef6e51231c892ae697902aa6f6762d8a4b80d00db1b7db0eeae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
838ca3178adda9b27b26d51a9c5901b8

SHA1
8c9589cf46303404355e062b7008218f6da04a35

SHA256
173d150b69b0d21f77cd297209f70782ec6d26ce24295f49dd5d2609b26ff72e

SHA512
edf9ed14089720b7eb6166aef3666d796f704c3547b41ee4bdc88b26e0dc26911bc30ace6330a191f623e678d7729290730b79396ceb7434e772f55702b3ab24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f02d101633c83bb3a4eec1d6cd45d73c

SHA1
23d72528190e59bda35a3b5b4e2663d031d457fd

SHA256
166eba80bc577e62a24a185259af48f9dde68344acba7bfde62a039da74bc106

SHA512
7eebd22e20393095716f57e6296a916a2f1d24907145962f8653cfddb02dcfb4a0bbefadba4feffaea512e16ad2a59dffbdb6aaf4ca64fdd992575ff2b36e58f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb577cc76d48be51a98c6a6a482c6b30

SHA1
649b3748d009dfcc25ddd634df91a3be18634127

SHA256
c1f07da19239621deb528f9f5bf68214d4f5bc90be60bf2f91dbb79ce8939444

SHA512
e4e541d1ae9bccb842719454631fe02ba6c653324438f0888ce088005cad2024604ad0db15847d08bc3ec160106f060c430e07880e3a5ae33ad3b236c7fbe2e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5371a09c66317ebf8535c289b97dab8

SHA1
f8513e35d995cb44b5140f1563991fa830d5bb73

SHA256
cb350fed0721d623ddcb03300e5e7b444d04fbffcfa5ecba12219ee2f6547e3a

SHA512
821699396d9e5407adc4ef64dc74160a0a2305e4e74d765890e20bf3f121ab600376c8ebfe495a77b55ac7cbd683e34a88ec833048adaf3587d30242c00ed6ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a25df9666b0f008a96d31ad53f0d8c99

SHA1
7dd59b7025d563e8112eac2808de1e35c8475f81

SHA256
bedacbe84cd570454fe26455ee0d9fdf659a39d5bd451991eb794701991ed956

SHA512
61f9f22dc997c8fedd725994366e8aae50706c581e38dc55a41afc1c0f3248c6f521c308c11aee5ef038091ed84ff3094e2ad9757e2426d557a214eb444e0cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
fca7e3339313c532a3c2be33320a4b00

SHA1
d0388152c00e394ca94df34ff4b8389143054723

SHA256
bceadfec4b57cbde1995343be96d7acaa77c85c5ff014a7e3c78f1ae1e2b2554

SHA512
5462f25dc66c0767a5aff29159192bf711d58d5c57f3198c5ff55af4eed07cdc18e1229bb8d14bd56fca0b6fc612a19ea56fa23630a6f72cbda272b08d91068e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

Filesize
5KB

MD5
1f9f1965058fc3e858af5b46c44c4b77

SHA1
9652921741f495eda4f28469570e84d7d112a7fc

SHA256
dbc94de5d9786d4c8cd3c82a1f3867d7935020d7ccc0f810f0f5936849ae9176

SHA512
509a9b47a771c58ac411aee1a8b6d7904d1af74d145b755fd06b56ed24002429a4d33445b5ab03cd8630c7b43e1d60cf68c9893a9d57842a38544a60bb8e4ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

Filesize
1KB

MD5
e8fc7edba3efb1889356f90d7b61c584

SHA1
8160254b2a13d42e70de6d63f7415d01f2a78a64

SHA256
5bfcea1b4ca2fde76a4442eda0ff70d6444e8d1c944c7273bdccf03e59017901

SHA512
34ba10ea74bc2ec8f63a1639e5630933f3d6dfd6f82b1d093af84bd1863422ff36537234b9fb0b4c868803b03992a11ed45cb134c7fc155d970a4ddc5604024b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7F10.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7FEE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit