e03b226627018e2bc9a83c3c9f003d446db2cf508458835872294743c8686587

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418cb1b19f7f94be4c1a47e93c8c170b.html
Size

9KB
MD5

418cb1b19f7f94be4c1a47e93c8c170b
SHA1

fc94fef8732322ed2baaecfcf0278173841968dd
SHA256

e03b226627018e2bc9a83c3c9f003d446db2cf508458835872294743c8686587
SHA512

ebf14c2dd12e5ad784fa9fd6aac215de9bacb0441421ff5a32a57a8a36774a642a153873c121e96ba0984804cc48491668e86b98f0eb8711f00da25ec4567974
SSDEEP

96:uzVs+ux70QLLY1k9o84d12ef7CSTUrGT/kPs3pUlVHcEZ7ru7f:csz70QAYS/6uUPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37CE2C71-A671-11EE-9D00-76D8C56D161B} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03e1f0e7e3ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410033441"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000d93acd9286865b7b902fa6d153a015257069039f73755ad658f1ec4af9dc459a000000000e8000000002000020000000adf80a54fab0c5ce134d8c85f6b5ed6b3d425886e403236a995ed7544f75c4ee9000000025a5ca43d4363a45312999b95ed49e19018f18fe70960c6263ff83cbd055179f1431afbf32e2ba5d3b42d0510535c43e5621de8c55c345bcabae334588806089dea25f73f00c1769219c135d6a756c4126c1641906f5f136209014a1bb86c2c5aa7b1f2a04e7ea5fb45425ee18e2b23772e53a2eadf0204f102998d0121ba9ba5a4a50c89ce9bf198ed47bffcd1f9b5f40000000e74a965394c491eb0fcaff80f0c17b5bf4388370eefd2163e278340c5a3b50abc0ec422416fd155bf47fbaeb5e057ceaa490be5d85c1904064a8acbdfadffc70	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000c63265763dfa6af8a74a7cd4feecad5d776c3fe56da3f447fd8cb758dbc7414d000000000e8000000002000020000000641d3397f8312a1f9c384ccc701fb7f6df700300bbf5689830407f3609e0136d20000000e3239cca7630b13afce6d169e7f8fee8eac4481830de5e47590ea1e81dcb38fe40000000447edb6e0e78339aa9fe31f15fe418caec03c2d82de9c77464654b8ecad8c97409a7e7566621cd6216efcd745d2cdd205782958fb16d3ef5544df9a965ee9d8f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2356	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2356	iexplore.exe
2356	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2184	2356	iexplore.exe	28
PID 2356 wrote to memory of 2184	2356	iexplore.exe	28
PID 2356 wrote to memory of 2184	2356	iexplore.exe	28
PID 2356 wrote to memory of 2184	2356	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\418cb1b19f7f94be4c1a47e93c8c170b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7defc57a6325ba2d3a350eee939c1388

SHA1
f0634ff7bee036d6999a4684439828b9871cb401

SHA256
6935544dddbf3ff70b894f9c1e5ddfd16c15fccdf2363c8b73665ed6adb5cb85

SHA512
6f06ee9fbc00e00ca4e17ff4d4c7d98dd029e5f711081ba3e4c231cd5cae94ffecf01c7e7b447b2a94b27e2bdd59ada6e31afda9c12a7aea8b2a9a92de06d6ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44bea759f1225c01cbdaf3ef98c7a7d2

SHA1
ca85dcafbba4539e69d00cf2390b7daabe92dc7a

SHA256
9d0426b25ed72952e24c1950817fe4d3ed986986de44a84bee5ff69df1d8c763

SHA512
e9490360f40ca0fda365899e3525f8b51464b436e900c7dc6e9b949db6d9f850e8cbe67c89670f9b3727471f3c6910ec2a45686c1fbddbad15f5623c7ed90738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c381595b8f78a810a2ff52f2a3082f0

SHA1
df7d94961676cb250f755eb823105bb5a2929fe2

SHA256
e7715a05c66a8ed7b21284e09487c7b2142727e8a4c1ad7c9b56b15f9d055152

SHA512
77aa573dc8113f83b8f8e239873d300f6ea50f01abb9ac5de6c5fdddcdea91a1819388702d2f2c98ea0bd9b54a6da8301fb9cceef207b36b038afff06a5ddba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18e126af14e321214753b75dfb86df5a

SHA1
1daefdcdfbd132d3b7156f544a806d3fa912cf09

SHA256
4aee46080df7b26eb3a26877932df318ae9b65046b7a34bbf9e8a967ae143f4f

SHA512
d4c4604961d625aae43ad30a7c06fe104fe25a0a891e722266605fb974170a4adbdc251b3040cb198ca22000e8f132b2e4fdaae1c2c16b5320aa75375c796d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
314818e855b85562cc5e1f733c43a955

SHA1
17a720c3f75669a6cf4e72594745579fdac77b19

SHA256
41631bdf5ad0070ff1dd60d02f110c266194aab331a3e238adba7a69c42078f1

SHA512
674b35c413b6bae02313159e08354efb0ec2d6735e2a636c01ce25e42ba9a069abf6e3697fe93bccbb914f173eef6478423800f6c874bd5652156e4d96f4db28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39a7408c18f31ec08dce42c24ff2712e

SHA1
44fef0cbc5fdb0557c1e354c8de21ae7cfa7a66d

SHA256
0ebe20c6fb73b78f1901873fa0f451c3c5578f608a0aa67011f73e259fdb7558

SHA512
58edd819a14b5c279ff301001a0ccf9a9b502ae1c743b902c3ab9f00403c969a0ceab93cd5569424ec1cb18ed0a8b9ad1f006af47514aac7d4772052d9ab2854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7f40fc6c8152b1a0cc2a2d2daa2247a

SHA1
ce76644bcee70d55086b9fb3646b67a482787b3e

SHA256
85bda17470b2dcaa186d7f0d339946293028df6e3d298bec0997026fda2ebb6a

SHA512
e482e5bb65cfb876bc55b02b02a75aeb19baf3d108b405536d498ad7e2cb49101029a1518a00d92511a8dbcae7bc3706a75ab0e614c86228914e82a883a3a3c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
321eed8f0dea829be322a87108aff61d

SHA1
c88ee91f75e1a96e04ecc44b0644f99dabdd24a0

SHA256
d6bb4c11c432158a46430d92f23158dd594a78ecb7df784574813b94a415960f

SHA512
7df48abb3486c094bf093eb52fc23e67abca3796c4374f7e5c6d2b850d3d4de6eea21834cbb2198f6d4ac8f65b162b6fa884d84971757c9779ea2dd7a0c4049a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86c971e7d622ab7f5996952126a4ecb9

SHA1
f8601c1b7a8f6c89bf0df74f08f27594c2799ec7

SHA256
bbe1bc22b0259f030dd53b1e936b4255ab4a72e42c1f93ec2d5e92bb1127a0b7

SHA512
6aa8636fd90fa0375a8092c4ac85ec687fed1597bbe0aba5602f2259fbd6579851245d7cd8b7ef3bc7aa1fa64ea1e05fe79d32790c70a3e3597515542bd2be27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d4de1668cfb12e451cfd2d4a2d5b723

SHA1
bea7da0b05f770385733488a51551061d56954bb

SHA256
5d53a21f0160d6b0ac70a7bd036f65079d8d84480fc9f2d2c37de88dab6ca5d7

SHA512
422df95a9d3fe5a62a0d5c9e04d0e7f61a2b2a151c7dee10a11a62d866179eea3b959e1165551f6999f2ef088c913a6899cd269067f4561f393c30930369e3b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
232f9d42a8551fc8911e7e731a475bd1

SHA1
12bc1f3770713abaf05768c160021b88d1f62868

SHA256
18cd0144431c010421d2711a7698702a2111e8fb23f434f015662e546772b5c3

SHA512
6a3f0317d7deb9677c5cdedd28638cec49aae2c29dc82ef7de98fd726b2ee27a13a93591c2180162f1f42520483fb56aaf190f8532c48bc9f1d5d9f1a786bdce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc1d316d9fce37a8c0f4ffb4139a6fb6

SHA1
c785fbcab37dda52cd158687edbb42ffbe0b2442

SHA256
44d5365ec5611d7ad3b369bc8bdba62a774ad50cea0ecc731e10bc950032f8eb

SHA512
7e0e25fa6c22991f221e4928f8e31bf215499225389b196cb4045eb318d7e9dc8345746b098f87f9eb5773a533de4cc4c7f5248a6033bcc6b9cfce39cc9d84f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2325ffaeb64ef6a77fd60734689aff18

SHA1
1d1c7232f2d6ff6c183faae92183cd9fc59edebe

SHA256
1a0197f9a036b1a2dd348c1bc46f82b067a2f02f3d2df1656ed4154b5a0a3cb6

SHA512
3d154112d8e370c68ecd68a054af267ab45c4856766d7a9d723c0d2aedf31f9c6ef48e94118ae4ad150221adde55cf329c2d45327e9af33eabe2e97c55c95ee4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8d368a30e7c6ce56fcf5cf6b6c092b7

SHA1
451db401af6cb71260f365e2a3215c6c8dfd6414

SHA256
d85a7c27e4c87213787bee6b4af8693bdaca670e5b3be1662edbad8773190a20

SHA512
baa9d8aae19d668e7cc46dd8887f2f01eb75290d09617a0b436e6ca93602df3d4efd1c6553120508987a6b2ddfb1998853caaa5bddc3a0d9ad55aafdf381c741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40e87597ae21c0e8da4c167e0c609f73

SHA1
711f88368bd95582491417d3101dafa9947b833a

SHA256
a178154b43369813abdbccf71af6d9b7961d1b22525cacd9ffc227d6dcddb32a

SHA512
2ab11a53339d3ff55fcd0167d7125dcdf133d1a79f772bee2b5bfb20f1c43e9e7f7d37f0b4bb80821ed9f18eb4e6ac070f57f0589a27d4d0c381847947221e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e9a2aaaef6bc6cae6acebf03fb7355a

SHA1
f6b45fa5ef3bc0c1e54ef5de66201a78a312beef

SHA256
bb9224ca2dd4e33208f2e9801af2edbd6cfb3ec46b5b88911e406296aacb24ab

SHA512
bbaa5534c905e1ed19e5de530ff0e4ca28705a32bbd28e4debdd55076afe7def1a784440540f17a599bcb009abff78511f3844011f1d9b4c94d873dced17cb3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB954.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB9B4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit