82b1ec5cf66ff6bc25b85a05e978edd89be270eaf42535353e393254422b0e2b

Analysis

max time kernel
0s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f020881b531a6f3656f028c3c28bf62.html
Size

44KB
MD5

3f020881b531a6f3656f028c3c28bf62
SHA1

05f04d76f3a36473aedcd0ff74ca0c3e23b82c4d
SHA256

82b1ec5cf66ff6bc25b85a05e978edd89be270eaf42535353e393254422b0e2b
SHA512

475eb4b57008e7074435cbc2ba385c70bce0681b623f09ade7566fc479c70901e3ead0c7ac5bc995e60c6a622f70d4512adf990a826ecbba498fe948c50e6187
SSDEEP

768:mwS0l/sGVLsk8ejW4mTNn2oXcelgKr8kArvrk:mZJtpcelgKV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C76A8981-A65F-11EE-8837-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe
1252	IEXPLORE.EXE
1252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1252	2212	iexplore.exe	15
PID 2212 wrote to memory of 1252	2212	iexplore.exe	15
PID 2212 wrote to memory of 1252	2212	iexplore.exe	15
PID 2212 wrote to memory of 1252	2212	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3f020881b531a6f3656f028c3c28bf62.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77bb7827dffce6895f2016deb2d536e2

SHA1
4ba4e43151960262f113ead82a38d50cc343761e

SHA256
d8b3bfcab9912e31a0ce911184a60623397d594e855034f2f113a4a7f479dece

SHA512
796c859183b40f0fc10b0a7d42e14932cc5bfc21c65cb0288f6ab4071424d7d88fed6a0d2a622c75bd535909a8f54182bcec49b96a9d6d709e61aefc4e778b71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6cf92562c9b76ac356780ace1c642a4

SHA1
9df41b4d0067e4c59432aa1a3aefc1bc334c603c

SHA256
2f1c4d4041d9fc72944fb1d5a40223ad19400ddd92eb7f90d26c86ba0c08ec9c

SHA512
c55f7f720075258ba825e77765b1b576e6637879e51ba9ba45a93c90b13ece94ae5b6e110a092f811e52a356b76753db984ba478c5b5b29cff1e44b30abb55b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8d7ed5a2b8a0aa2e30821b6e7f97704

SHA1
578ac008bca89ab81494cc1f619ab05e2dda41e8

SHA256
54a96413731bebfb96aab710b28326e5c2b1ff6de1765c3938f35541a7711f88

SHA512
22ffd9935cfa74c74d34273bad993a12f55bc7fbc65f8bbefd632146c38b54cbf70521bce369209b8117d723630a2e8d37849a30eafe1bb4752bbe2edb39fff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8182542b2a861a41e12cc2eeccf3e1f

SHA1
fee48b787dd0dd25139895ccd7ea7a242316adbe

SHA256
8d1642fb079ee64d657df5828a0ded85a9bd9c46bf4ec25125b7b4cc9f609b9b

SHA512
5b5e032babbcff1c7bda401811d28e0befd70b625a2a31a1b2ae30d5cec33d1992f7f9bb4123c5627c30ddc384a84861f0d383c22da7322ba143fb53a2aa9053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f686996b7f2fbf23e2353efdbee78dd

SHA1
c3f8dfbbe325275308923709b4e9426858748ff2

SHA256
7e5c743963f993de83a6bdf07c0fd514703b1927756434f661bd3ff3f0f3e6e7

SHA512
31db7781a3fe1a0d25b4047f6b0d3f8534750ca9db28435c3b692e7ca4665fde103c01634421f07991e17da10fdd5a6ae8cfb8f368ca5d4f722872967fda3392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cc582912290db9ccf2b740d7a8d3894

SHA1
c772027586b433a3bbca4cb0fbbb61632ed96330

SHA256
bde1ca091bee6e8fa86c153cf80e746e62e1a30980b56c60c297b534f4b9c113

SHA512
f10429e329b4512ecd4b61ece56bc7a5f95c7e6a18169b3f5e5d3d7e5f634bd2779109b02d3b8b2e05abca61037221178246f08e92cbdad675ba6f3a0c501a2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fbf78ba7a47e61bbbf96c57e6e32924

SHA1
d1207796516aed95d73a71a4d250ce5d1fb573e0

SHA256
e912256f56f08a7a3e3e88f627adec174cfbac8529eb8fc8e98c451c1777cbe6

SHA512
07a1d7bebf3eb25bbacec985997babbc461596fe71fe026622e871fd71c7d579f56b25cd76cbc1be21257a58e5a63a1b2f4ab876197cd5748fa0f32b17dbd5c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e94aabd5cf17f4d6e3340145310a43f4

SHA1
d9bd244a5c9f563e648ab3b648047a2f16f810ac

SHA256
27464958878193b5bd9451c8fa2f1931788627c468c056f2c7a2f86ee826a1e4

SHA512
20247d54c4575d62b55374efde3c712141c6288061ff6b9c88a57a165e430d0dc529840ef081b4e0677e76b9628130d65575e3ff270aa36284416caa03ccc147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
509d2323b77eef1a9e413e063828d0e3

SHA1
6bdfc449d60cd95f146b14b9e0e000e2d3f0e58b

SHA256
2cbbb2e9ff89f4823577a01a08a0adf85539948afcad634557d0f6cabe742635

SHA512
e15c1e2146eb3236f345d0fe082e99da09170554948e81dc0063a31ec1d431ac5c07ffc9bbb3f4161d463041397d37efe268138b06cc46b00659c8f4190a332e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e31700656be8efd97194367913e95e3f

SHA1
1e7dce9ee328098a1a4330c7820b37e83d16a40f

SHA256
8efda6aa781d5c312c2e22b2896da573b4348ed04d13654b52f91b1c4e172719

SHA512
1d9e3d05d1c27ea8098833ba4cd2bded65700ec0467343a323cc3e13cd9f19918b2bc055414646c9e1ae6cb091a3a685eea69e89dbe233b8d015d275248c84a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a60d02d7541a27c89e2235e8ed1c144f

SHA1
7251631f8cdb1aa81825e2df2f7d097c463766f4

SHA256
c5fbf9783348ed71bc960df5fa61eb41c84bdbf9000e64a267c4c300936ff1cb

SHA512
88b25921f0b8b5be3399a23e323227b36e4b65359a4f4e2ea31cfcbe83cb784df2c8f1cf3d828ff684e21465076e96e447954a78176b2cebdfb6b577bc695c73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf7a0a4934028ee7976d80e13dcb14cc

SHA1
865c060a986f960cefc9cc50f54504fe64f48189

SHA256
9196d26b93e08dc94e5db8d66dcbf70e4c02d58f417ec778e284f9a68e413d6d

SHA512
202acde2ecd80a3ca170b2fab34f9544fad4f5bacba578c4eb90c10499bb616362861ce6eba02202e6fc4810284933c45570f6860dc4a94e3e87bc79ca280129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f81350af29bdd2ec8b7e3a5419e555bf

SHA1
29093d73f0dd3fe85cfd4d0a359885018233ce0e

SHA256
ff1974eb22de23d24dff4a2c9ccf444eef9385b744ade494c922f0bf0dd54c3d

SHA512
61512598db64c4dd1aae4fbba0c4f72794417785cd6822cea2919aa0777c4636f4dce344d526f93fa2d08ae72620632d288f382933025576d6906e4885e33552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab917.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9B6.tmp

Filesize
64KB

MD5
69b8e2fe3bb7142b759bbc3bd3092cc2

SHA1
c55b032e44415d77a1a2f3f6c6c049b7cc32afd7

SHA256
d31cf766104ab57466eca8c74b0b1dc3f7729270b60df98dde747087ec3e8bb4

SHA512
c3b3ca6861a0e35822f0c5b6085f7fc1444b051548aec4362723d1b7a14b72cd832335ca29eea23ce8f9fb71f4ac76c6bf2b58a220722e7843461bf095970b7b

Download Submit