e039a3836eb38c02283591d3c16135e50cc89f18006c139447873901b1f04cb3

Analysis

max time kernel
64s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f0b3917b0fe4b6fed520b4b1112ba2b.html
Size

53KB
MD5

0f0b3917b0fe4b6fed520b4b1112ba2b
SHA1

ab742148320bb275ec8cb3f2e2089fcb2c1ed6b3
SHA256

e039a3836eb38c02283591d3c16135e50cc89f18006c139447873901b1f04cb3
SHA512

a199e95671925ca04f4f79053523fd4d1e902d7703da3c672b46681ff8aab1517a84c9e1ab6480f1cd37e39081ea80bf3d8409462bc69f3760b18f12d90c9992
SSDEEP

1536:CkgUiIakTqGivi+PyU6runlY963Nj+q5VyvR0w2AzTICbbxoa/t9M/dNwIUTDmDf:CkgUiIakTqGivi+PyU6runlY963Nj+qd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00113301-A2BA-11EE-B59C-EE5B2FF970AA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
860	iexplore.exe
860	iexplore.exe
808	IEXPLORE.EXE
808	IEXPLORE.EXE
808	IEXPLORE.EXE
808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 808	860	iexplore.exe	17
PID 860 wrote to memory of 808	860	iexplore.exe	17
PID 860 wrote to memory of 808	860	iexplore.exe	17
PID 860 wrote to memory of 808	860	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f0b3917b0fe4b6fed520b4b1112ba2b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c65834e68cfd61eb1301f6eaedcc20c3

SHA1
028642cbe63b4fb317710d9fd83f362cc02b9267

SHA256
181403f94a77bea337ec7f25359be004f19bdea6b2a5a8473658ec645668ab25

SHA512
c3a8606075328e253536eea29c22868a4b74b5e56ccd2652884e4d9fbd777b913691518def3f7b75ef8a839c45bb7713fd58f2e9b6377b7489d87f2239e056a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1af0ad9c5a74c456f439a47c029c2e42

SHA1
068b9587254336e16cb432d3261cec5cf3814279

SHA256
98992c0138c494ed4d56a97833290eff34e36f84957c12f14661c41f1c3ec95a

SHA512
8a0f43bdd535f4002814c47672e6b56b2511d3b67caa47008c0107a3b8a0da48b20036239e597bc1e4d37b18a227a11e6c3fd3b08cf7bb018a9ea80941ea3e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bef2d766bdb059e620ab38f32c2da6b

SHA1
87ce9dc2521cf58664204dcb8b32a0abc4572c01

SHA256
9a561a26f938fd719713f212e5487399c4fede61fbf878d70b5698a3ad871497

SHA512
2a1486b246679a06b7b1139aeb4dd4e2588a01cccbf1768978cee48848bce502c9b544b998c759c9267dd353c477ec561001ab1b2ede615f77d81d830a0aadd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f4dbe86b9585196af1dbe3486a85010

SHA1
0c8894f15ae3c62353e37801fe725009f0fd50bc

SHA256
e28d56b099a9c4d3891ea92e7210468f120c11d7970858b1129f64014480b5a9

SHA512
720bbc1711522548eca208bddc3edaa2f54d442643b8f677302538952c9f265397fe72f18890f5aa22130b1a8b5d18c3a4e3d9ae94fff18338bb398737b088f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cdb6fe73c670b7de3c81d8e9b00cd44

SHA1
1545953607551e6c061ecd479070e49b29084bf5

SHA256
e86c37fe2231228a9a9ecbd088d05e1177bc165391102f81010c03c9d401435d

SHA512
95261478dd9406682e97d5ce0766724ed38fb1abb15a51d23043576b89640d8a720a0a7ebbfc51921267f7000b92d792f4f00cd5449974cadd70c87fe7acca2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff142df6591506d0a8336cf67805fa55

SHA1
d62ea8c8267176321aec6c755f952feee11434f7

SHA256
e31c07a58dab8d5fa167aed45bf0afb261221f274b20f5b2a1f604f3651edbb9

SHA512
b04090e589c828c6d3734369e31cf55d2ba10a507ab9389a2bdd631cedd39434e00cb24fc1e0b8a339e15b42812f27839233422049b51a208bebfb11ddb6dea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a36f1bea63715b1ced0e8cb571dbed5e

SHA1
db1a1887b55d69a7efcaa7a43dece3218b218083

SHA256
6bab695eadec83c09dcfc212c141e1f73efba671d01b04b397d6095811657ee2

SHA512
2b358ce8802e8efff8cc567871d3b4f356c5f5cefee93a6a0e31ac82a8d32268beefd5b930a0b905db00c0c67367da4db6df9400228d8ff34f350ad9e57760c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84e355b52a792c54043f4737c5cb20c5

SHA1
795f9ff27d9d6f6095cf279f34f60785b29c6932

SHA256
eed59c2fd972fd4b449e1c7017713c7c1fd0ed9584e9e4f474254056d0032513

SHA512
e393abd6032f01e74569dadd0f53457ff7ba87fdcb08b8fbfd1fae42fdceb49193d11ef92de1b949f3b05f365e121305a42b49607e439efa86a13ff9e21c4c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b4d680f5d84e8b1586dd02345312c71

SHA1
35525b69d4768a07617cb78155006a1dd2c4858b

SHA256
55368ed52bb1ff23de179139aae66af3501191563cba6d2a314fbaf564d15a65

SHA512
3e3938989776b27d26b84586e719668614c829c1954701a0e84e4dd361f86619bc4a4e4c62f245553d7ae102c0587621650ff3756d8ecb0a3d646793d4cb5785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
322be7eaeeb12aba6b240f4c8ec99b66

SHA1
df352e8f5ceef2a6ec79e2b4a296548599bad538

SHA256
944d8923ea6daa413c79a1cb08b76114a68fb5c3016879af2e71494585056834

SHA512
5ed81e7b1993afde3b9cd7bcaac182459940ec1a9bd3fc4b3feea6f3861b70f4645beeb0a5e97aa1a839ea6e7d4ae92fed12876fea3714439dec3093280e07cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8971ba077c69791d13bacca13401192d

SHA1
3e9294a392593e4e01acba025b4ded706718c853

SHA256
211630399a23b2f35794beeff38adead3fda00ce111c9df154358cc5fbd39e02

SHA512
435d877c18fca01169c0be41562abf5598513a8d3d4c2bd3f598d204a6257d7d8d849b3a100838cc15e4264d8f42c9e4ac1cdc0f114b01164f6163ef4f973f35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4766fb568f3a3f12304d66613095ddab

SHA1
a8347c903b1479c7e37e8a76d01197890ca949aa

SHA256
4ec5e77258be29625c196c86673424cbd9c985b628af5d2ad69c5d4e96929dd2

SHA512
ae57d11d8f329253972b49f6103a7c987af84cfd94129f72c3528267e7c32cbab1536de8cf38f403309b17f4e419ee8321998dc81174e251335fcb6e1ebf0c9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
312f60f9bb8fcb001e4cf4b993d71f68

SHA1
f1797b0b0bcf462e28012f5f5458961f681a74d5

SHA256
8772c0dd630bacc50b591435921a332bcc6ccfbf0bef2d063c3df548de13ac7c

SHA512
9adc6e696ca4fde48a1b19f7a03e0ba2900619aaccf2e1734183861f5435d50d5d4dec694dc305eb7df0b930055e59c4bf39bef70b6ba83e3b130df79aa464e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1623.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16D1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit