c50effddc46740b271af4500264fa0dbda4c2eee004d77f868a8b2cbc6aa364f

Analysis

max time kernel
62s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4092c2f86dcd9d9e377c10757344b093.html
Size

13KB
MD5

4092c2f86dcd9d9e377c10757344b093
SHA1

37d7b0e4fadabc2e38ad28f9031ee2711c68c39b
SHA256

c50effddc46740b271af4500264fa0dbda4c2eee004d77f868a8b2cbc6aa364f
SHA512

18b11a1d3ae0fbdefd50cb770f9d6914e18323dea29d9182cee8ab145ae99a6c56b1b0b204994ca275a48498ad540ed5ab6c2eec2680a16fa4927c800220af18
SSDEEP

192:1ugU0NUMoYEaygq5/ig7G4LIcJZAcN2wOq8BEgtY2dz1OFGyXaY32m:1u70NUMoYo/k4ccJZAcx8fbziR9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E760FB1-A66A-11EE-8D93-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1244	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1244	iexplore.exe
1244	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 1740	1244	iexplore.exe	14
PID 1244 wrote to memory of 1740	1244	iexplore.exe	14
PID 1244 wrote to memory of 1740	1244	iexplore.exe	14
PID 1244 wrote to memory of 1740	1244	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4092c2f86dcd9d9e377c10757344b093.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16b1afd2c268d1f6850aa13fa72a4282

SHA1
b6e75690d0de2ee2b330383ec70f0918fa09f3c9

SHA256
27fd121c262d4cb86c1dc0099dff8317d14a973882114f1a31365ccbc71db1c8

SHA512
9fcf8799b27e8bab339db8cdf97c78d11d83d5d8945735cfee08668bb1124097308c9c550ef5b0303cd3a528f5d27846c07efc14e44788511457a7c149dab16c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8edeb65ea074b1e4b24679d93331013d

SHA1
4be64fcaeaa9d75db56059462bebb9f55ed5603d

SHA256
d2e66a4b761be6442d1cb28336e719c35b8ef4506dc7e9f773dfa3aa34bed140

SHA512
5e1ea5be21f324d51b88e95d977ceb4ed7c37190c2395763df6b6a98ce48d9ad2d5671f779a51f69d363f9d290a1526181e47e2855f47eac446da321d9179367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34450cd6234cdda99790365c4650d76a

SHA1
8026ef4d0a98821919b5bd0df6b88444dc34fce3

SHA256
86a7eda012d270c38351d5ae28af15148213a1b8425b9be19567497a0b2c00eb

SHA512
98fd796f5e47f9ee6257f596bb1299f438d95a8a396c0ca05cc8f60f5b5f2b464aafc4a224b137fdb3eac240e41cd814da2bdf50820db2811471e1185f96b5b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4137490ce65adf1afc52fe2b98a88e35

SHA1
ba0415102d2fdef98fbaa3fb9e7e1189c6de11f2

SHA256
575e5cebbd09fc216e93b0f2fe037493aba4759df955a8234dcf13c046e32c2c

SHA512
556599411f847fe33658d069364f7447dc99911e0e51fefc56bbe74844b408aa244485ddd92a985cab41e2066f98cea4034e4316b1609e09bdfa809280331807

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d3d3dec539f75e6d725654dfb5cb94b

SHA1
e3e197dbcb0468c6f6b88bdf55a1e38a5f90468b

SHA256
06f22a4d7fd86216272cbd4f6deabbc7728a802ec83fc18f8c4c09d8253fa94c

SHA512
e2e73542e3c52922d434bf8b45da8c01472cf424e778b0039bdb649d88f041985a9736a4fb8200e5d3142513e1d57baed0fa04cc4c7190cce94e97cf9eb682ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7ae11ae7516dbd6f06d062194af2caa

SHA1
284f295228bd150c3379cf10be0b43d014f2128d

SHA256
f62aef02513ac63298e80c89d6fbd7bd4cad1dadfa0d0a2ee87a8e5a34e2cd5f

SHA512
89ad5396b8922704cc575d9a14346db74eddb889fdddf3154a5092b13ea340d4f2a825b1792f86ba6f4cf9aa4a1e34a479190d4fec37f0f5cc9d745a091faffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3468594cbc1a6990c3c2b9ad80c0d6

SHA1
46eba8fc442ac5d22879eff5fe3590b5de3183e5

SHA256
162f159cc4ec01fd73610fcf8e10a3e54c90695bca186303e939c9d1aaa70b2a

SHA512
740bb08b4f1e36c33a5bf313ef12a52604d5c86a341d004bd609c5aa17822af112944b637403ebef240b5900403cb74a555c9e38b2168a6f26f6f310692a9835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
011f877b17f0320a18200dde8d93b295

SHA1
7814be338614c1305ccac6329e75e133a4da572c

SHA256
8ca9a640ad9119f39ecd15cda819ad841cd1c42f5b5d97f70ced355bb40611fe

SHA512
4569daa7a3ecce82352098d0587c1faa23697d97df89e181b7e9e8c0f7ce6f6bf20c054b0667aaa0d269ff2984249384fd96f91e245e439c79dadd80107a6fa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15999aa2a7307bfdce067fe8704395eb

SHA1
f98db5b38c4956f4b1621691c25c1bbb38589adb

SHA256
3b01d1fc80bedb1dcd3997e55f09d2197456ed2e83c0d370c771ce0b8e93e4ed

SHA512
a67e008c603309ab5b1649a9f4f8b298c925d02894fda7f729a01528270ade4a447ad16387a14f9317bd1918d7f494585f29b3cdb9b6547a85c49c5ee118b429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca0a03fea1599ebadee96fdd3eaa03c1

SHA1
a909eeedba788272b9d84db413bc9a77e7342efe

SHA256
294d4f0e26cd2284a2a5785ced0f340d2f7aab988e711ac42378ea3e8215251b

SHA512
84077b6cc176ab6cb7224e8d5343589d9c546d873788dbe8dc81a2cf7a28cc47c05f0c9a47ff53cba72a33ebfeaa31246c65c4951b46126d68bd8fd9ea913960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
901f09dfa2affbb7bb2a3978db9f2aa7

SHA1
0921fc0e9299c6fc7d00ed4d6b422166a596fbd0

SHA256
fdd0a6b5daacbeaac3c41952e851ae720d86b0bfec3686a95003333a467319df

SHA512
c137f814754f880d0778b64f1272bd04c8880a8e91d417243f74f423906b62afac71885e6ab5d78266043b01a4494f07be180570aefaefd41b5c7cf5f2d901ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e51970f668155ad44aa3e581f1359903

SHA1
9c039d86e745930ab8e408ec37d346f3cf5233f6

SHA256
773d601256d93115d8a3067839634b151baaed24d36669366d3ba91d0a73d2ad

SHA512
70c2072efe4bcc26c8c65824d57c2a8a7d698ca4ea4213c3ba2ce74385aefff63be5b9ecb709044753633bf299e7a7dd0336e6b43a1ccbb32a47a8d1c1792857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e12d10ee513809bc7769b508effe898f

SHA1
f1bc166275ea71460955f837424049b27b4d53be

SHA256
a0bb284cf014f7710a84a7a69c9f5af80655b083c866d15c0948c083239600fb

SHA512
eee3c336e88746ef66f9f4466e779b3366f3b974e4f2454107b23f296010e151d0cebf41ffc84f2a6d567e44db76bc625d8cd8fbf1f7dc3808e60351c97d3439

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFF75.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F2.tmp

Filesize
73KB

MD5
fbdfc099dc36ac8641898e2f279e75bc

SHA1
41c257972805ca77d859d3f7b62425a878ab8d55

SHA256
8fde2c3be70b36e30f5e037f6cadd52cb989504c91042f8eee55debc166fcf20

SHA512
04e1621567a7f907b95e1dd3e6520d956c4e1d3d85e0cec96e4d4f97504d7a6812d0a32100778839ef059f57b25e4b25ba1ccbaa7e5100d318057f08cd36e20c

Download Submit