cedf2d7c91cf95aff0d0781f367d1b6bff31a24c193d20a08d9dfb5794d893c2

Analysis

max time kernel
0s
max time network
145s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

40b7f2dc266af0341f023acc991e3063.html
Size

165KB
MD5

40b7f2dc266af0341f023acc991e3063
SHA1

10f3aec3a2377d65c40751b328c377f7b53aedbb
SHA256

cedf2d7c91cf95aff0d0781f367d1b6bff31a24c193d20a08d9dfb5794d893c2
SHA512

5a52de0be3b803277e699d7894d649bcba8d611fd10fe6a32c1ae846aab62307a755bea9d374c43cba3d7b4f418a06dfafa2459b61ded23dcc1af0a3f7886ede
SSDEEP

1536:1VXWZ/TxjhDrRDS+x0Cj/zbIrnIJ6TT0Lf:1VmZ/FhDr/xd+GLf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{687E4791-A43E-11EE-87B3-6E1D43634CD3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3032	2216	iexplore.exe	16
PID 2216 wrote to memory of 3032	2216	iexplore.exe	16
PID 2216 wrote to memory of 3032	2216	iexplore.exe	16
PID 2216 wrote to memory of 3032	2216	iexplore.exe	16

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
1⤵
PID:3032

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40b7f2dc266af0341f023acc991e3063.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8a11adb129645749d8f3f9c583e9ead7

SHA1
1bc383e65bbec2d1c106f9bda254487a184713dd

SHA256
2b3dcafbefdca583955eb2ded6d7c8e53a838d6a1af9d1ff3390f567c280d3a5

SHA512
f7c2ccd81daa150036dc743ffc92b36763352f7f3bd9a0127897108582edaeed40133614121b8e79aeabee1281fe92e0ab9b525e8276e2e072423b86dad50721

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f92a50e4595ffd3b48ebdfe7375d732

SHA1
ef8399c61ab546117af1db6f8f9f3c2c17e7834a

SHA256
fc3ed992ebec140d40a9c991d58e52c5347cb1773392f43bf45ff7a294bba4b8

SHA512
0b4231490c81a069c4ceb7b09f77131abcefa91dff876c09689e84111c803ca76ad3690cb874c6139aea9cad4d04c3bce08a8c9aad26df094b4b1854808d1a38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f23cbb7640b8dc253e353f9d55ff4c2e

SHA1
a6e99433aa78cb4097faffa834b020f439dd90a7

SHA256
466da07123ecdf6149e1ca2615aea42b635d88b92b010f7b71998b839f9236e5

SHA512
365432a8ef55f31405c7fd5f15111d629179cc8dda060817f1c5aa71e3338337305c5477bbc485ef49298e39046f3dc74a9387e201dd1a5a9395c7d541413a7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f1f4d6c943c8b248af44b9acb2e88f3

SHA1
daa6d30052f0fe02663ecb768abdcf6ebb63a2e2

SHA256
bb678ad2fd24d4df25475ff8867fdce48d66a933b4af9f42f14eb9177fdcd611

SHA512
7746eed198529c236cb7f2662b7c3931ff80642a33442809b67746f81c6a03ee3fd75b2c9f334e0d308799b8d03fe02958c4c31e1e3794abe8a91d578f1ae407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17f5af73f6ffd80a49ff2a1350120c99

SHA1
0761b44154b26aa32ddd1b41c1ffb8848bb120d6

SHA256
dfab87498100c61e6ce4e6e689eabdf6f368c4874787421857cbb9eac93796c4

SHA512
8d73d8dd370394f9c1d45cfb1765e653930fec76ecbda6d60bfc90109df13aa34d6639419302ae9d1b5fd5be1a0a34c16ce93b9bc703f166b02e515aa7b0761d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d296ec11485d640931d7ae12bdd9da0d

SHA1
e6d34f897b9112e3d6cae0f0df9dc6486c0fb7d7

SHA256
375af3096210f7236d3f33898e241a53d0aa50251fe977c68e58d61ec7bd3793

SHA512
e257b24ba0fb57fb8f08894ace367068687f8edc9b25c88bdb4bbe82576248fb3ff74cba185503f0cc22db89b8653ce32fe0118fa98904f400db99a2cc721277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fed9eb612f0283828fff900d9d41348b

SHA1
2a9e9255152f3addb8e2ca838b5035d2c58c1e04

SHA256
53053e5d3f955e6dafb1caf62ed1b60d23b8ca18cb518879edd47dc12d5b6c63

SHA512
1087971e18cea9a6c872a2296dcf1cad293cf654ae37d2c89155747abdc775c29161b3e2f7d825ae96d5bf031865391fc8604bae492ec5a155b8ef6ed1bdf990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca7800075a4a2449dd522cfc77a503f7

SHA1
9d506d243db4a80564c6ddec656d98788f2abfd7

SHA256
daa55af50c65e6dde615057b66d281477d9781ec6455c31f38d33ef34cf163fd

SHA512
78da46652e933cd6aed6e23e5776361a9474792f84e137ca1b0ac366d16bd9837c30ef000a80e5f9a949f49d20a8aa03b51cd2660ec62cefb86ff3f2c83bbec4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85009e5c7dc0cc258198a65f4d8ea823

SHA1
1e6b016773d9af787c1833e255ff8dced0393c31

SHA256
36fadf5a607ea63a262689393e1e3b9e7e5dd283f65a433ffd0c68368df71a4c

SHA512
32296f0bc02635bd903665e304230dc7c7162566a83ee41c9c5cf6f77f814a4dd7e3507bd32af97dc998888355f557350a08b6a6f480e4422506c10a27d4c797

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e20e6985c133235692607b30f2932bf3

SHA1
a9ae66e409430436c99f2c1b1cf002e5c4894c83

SHA256
3ceefb8b38f8881e1f5fc9711923b70d2ce04cf5f27be93cf8560e164bb0802f

SHA512
e8abe00d1c98d32e9a811229b217b7e780a3a91fce594c77fe7ecca7444c338b065e3b8de57ef76a38e1536ac330a86ef5ea0e7aee3d3d8ab6161afb2c6bf728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a04409c68ea057bde0b887c47b9d422

SHA1
931490b90b35103c5da7379bff6be26a77d2dbc3

SHA256
747e001543103614ba00d5e36075dd6f77663ae545ba248ed4f0c80eb56ccb20

SHA512
a65c6f5f6152e5ee4b96fba66b705de9d771f91f079514556572e1a48e4c55880e69572da2c898c16ac5a98ffaeb00add246d9b0cb6e736e14bb11606e397db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f600bedd38c5ef61c28739856dff298

SHA1
f132b102ebfd21d8a010694a6c88a5547ec4cc43

SHA256
8e52869af95723b34fcd2f0d13b064e35474df5d813634e4a8f11524ab9b9376

SHA512
4f779734976f62c8484b55b83c75214602450b9228004a1c6ffca2f5078f58a6d8777c1c699333babd94e8cbe929de45ea75c9035d49c1f324c83cfa885696c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit