db9f081950240b7606ee0f70ef95042b5ef1959d1dbd8abf4ba034f0052a6629

Analysis

max time kernel
148s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 23:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

43590f30e50aac9eefa36479977ab6d5.html
Size

16KB
MD5

43590f30e50aac9eefa36479977ab6d5
SHA1

98fb52015e99880ca30726e1ebeed8590911320a
SHA256

db9f081950240b7606ee0f70ef95042b5ef1959d1dbd8abf4ba034f0052a6629
SHA512

3563ba9bc3a42deaaf7496e9a722f37daf5dc1152c59d08b818f17d1705a76bd38d7a2c21708ee79cbdc65fa3a038e4b96a12a97049f38366e8624128ca63e4b
SSDEEP

384:fWQ+++YcxIQnjhAZ10Kquh1MPrcXJPHWIcPGzi1/9hNjlJU0aR+XzFPZ9NLs7h64:+Q+++Ycxln2Z10KpMzsJPHWIcPGzi1/C

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000000bb2b17f83e3b2f7d56b098322531696a4ae3c3cdccaee55994163da137b3e16000000000e8000000002000020000000a8a57d84913ab9bcfc15d5b8f644b22073d31e6e3d2871c245b2ced10ed6548690000000dc5bd970d91d18626ba9846f6ff5d6403fe71c775641b694f8f617085d1f38036ce592878659d460dea582c731667294ce7e30882c36f7e2753091e5fcfe6f5c6087318d38f7d097056b393756255695b19cf21229267db0ea8d4b8ba6d9c9c1fdc0c47226f574f67316cdb6668ce16ed4438eb1b8ad0303f324a25113561ad5930cd3e0fbe325b59b686d1bdc0a45fd400000006a57539ea186eba54d1287d30200de5ee40fb4e018d114bd38eacbfc7378546f603eabf3954c6047691ecbb1ac635a777ce10a12b99a23e68261177edcd62164	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E8CC281-A44A-11EE-A62B-FA7D6BB1EAA3} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000fa03a3917c8e92c6009418bf69d5f5962b9b5b86efc5c08809bcd1daca410904000000000e800000000200002000000043466e416e6ab3818c4560c9555d4d3b4a0d8127ae73deebd44fb77b93502e182000000077dc11b830167e41874d166d3350f308e8fa39330c82ccf40befcfe3021e5fd04000000012ab631ea6306f68c29714c7ceb95040d9ca0a262644d8f3fb914aacfcf9ad95c0e9150588c4fee3965f60cf18601e4fb08657d4d38dc00dab82d6cd3cf0423a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409796773"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03d2a075738da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2036	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2036	iexplore.exe
2036	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2448	2036	iexplore.exe	1
PID 2036 wrote to memory of 2448	2036	iexplore.exe	1
PID 2036 wrote to memory of 2448	2036	iexplore.exe	1
PID 2036 wrote to memory of 2448	2036	iexplore.exe	1

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\43590f30e50aac9eefa36479977ab6d5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0eeba909bcd8427c8c4e608850063b04

SHA1
c6fa11457ce33c66c89949337f1bb16c53c0bc57

SHA256
2d8944a547a21e7e13c0ec120845438e254dc653616def51e88e11141c5af92d

SHA512
f2483ae8b1a4f42414cefa62104c89ad614e79a52cc7a5124fe99d4c61f0b28d46409a09e1ee4f7a405666fb877f3c3b336fec86993ccd1df62a98fcd73966f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ab3d62d469652a501679fd0137cbb0e

SHA1
6bd4db7bf2e11d3747acdf0b0a9271554b78782d

SHA256
0ceaf5ecce5f9621a633730fee77be651cc08bd41af8488fed9bd9aa5b235982

SHA512
4829464773947ed50a93da9cf487b22f84591b79c011d567769bb2909be415de38585d9eecdf0e9534f112beca6c2e48c9e440d7052fbae2dbc5020f8782ec3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4ef074c72691228cb358ba9abc512aa

SHA1
a10f618b8b2707fef93544a45413d3fcb4ee9e89

SHA256
ef679a972a63b660caf90a317e6a4485cf2366b998093257e7a85e46f23e0551

SHA512
fa97fb72014ff2a03aa2f0d21b0f1e536ec4698aed24a6f5a53b37767468e8950c8c5e714e0675f715e6bfd26ed697e995658786db8f9a297db830b1e90c603c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25f76f8d6dd6f1a7c73b102856509c0e

SHA1
4dd7bc92d7f3adff01f3be8eca9f02ac2157359b

SHA256
9da66c9138452b4eb1e22a70fa2afefeaebc02178ec550f66f13d5876f131553

SHA512
5d2d78c2a34708fa66561f4eb1161e281dedb73e909b0a9ba3f8aacf5f7ea96048f4324c00194da5e217d9602068a1cb5c1b149a8180d14cc2a21a4dbf2156d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fc8ee3f3a4932683c7aa83bc24a7728

SHA1
244d4a4ba226e9b66e2eafb500fa114654df464c

SHA256
02f2001158d82676e78fe21d9009e643fbf6c6bc6e96003faecfd2cad9d2aa74

SHA512
a806cecc632afdb9b4c35aef03c53a58640715c4e47e4d562d68b3e01863b927164eaae1603a70305ebb82e530290432978d377b3b530ed33e787fd6c36b2fe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a6385ed24c0315bb084ab2ee1960beb

SHA1
3fa1c4f4aacff48faf670962a41ac30c53354db2

SHA256
8e1890e619051e827828150ed55c05704f0905ac6267a5785c6d0fc26b032251

SHA512
c68cc897256b5fe2bde2dfa9059070c247e713d1a42d92e0754f16e8beff3532c5ccd37b16b15b7de75fb55e5afbb568952221a350fe55795c64c6d39a837603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13b92099bf091fb8c4f3801abf41438a

SHA1
e62e19df701e6bf2df243283929871981bd6ec9f

SHA256
f49ec8fe1ee90451f82f59a0ad742aa6e0035b68d97f9460006ec40cb5e063f7

SHA512
e09386a24ddccb1f0c26c862d8a99d56b0b56fee7ff391c01dce1c0ecb6cf3ea7744ae6bb1d51fa844bbb206ec948fb498728dff7da765e82a50ab11c2fae6f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dd030f43c8bf8bf1989a4a5074d6bc8

SHA1
f3501fbedff1f4b27e6a00d98563a457291bf510

SHA256
26f1877a6af52c4e91d233599c79d4efd624862d4e6205278801b557f933fcb8

SHA512
937ab8fe8960522a79119a90e9c33a5fc49dd15fec8f69180bc3db1f92b6e3c84f16bb63f4c8cce3f85ea5dc30f196f1ee4ee7a525573c8cd882e0b99305e6d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d8019a838840a34f8ec7d45b51e0411

SHA1
22d2ff272f91047728c4a8c56231c45ebff8421a

SHA256
03ea7af59d0ef4a04a1998bcc63a226d47129995e3778cacec92508207b85e2a

SHA512
63e7f0d01168a7aae2a647815a60337711a01aab3768a58edceff61cb121993d57bd2b318e2f4c17bcb777c2298fcbb32ed6de4f3d1c2506990ba1a023efee15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f875dfcebbb8d799cb818b2156849302

SHA1
3f4353c3b52e9860f1e0020bf25e9bec37a06b32

SHA256
6d55a3cf32689d59333caa5dd0298b019fd156099b47b090bb09bed2dee1bd34

SHA512
dc139d2cc99399b01ec58e8ad67abb05c2c17bc34a090d5e273492b9c85130f000aa13718ac5f1fda4bd200eedc09359d68407c04b1bf01db6561516e6d85ff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96b0385879a1775e30a1beb9b7bf267f

SHA1
6e2b065a1fc0227016587527f0191b5232f4d55d

SHA256
391afd4b31a5167b3b702b6a5ab28c4faafaa043e1f6ea316fbde62e34d62579

SHA512
286170c5cca333f03265a673039ccdfc5c6b6cf4c4a6377a475bcea5185997e689b2cf558b46a8ea01304d353d43fc3ddb62045715e1cec6a1a855ab097c307e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb78f96b5e966484cd5e8f81f65f8cd0

SHA1
6e9a713bb2b4d95281351d79ab6a5eec2b94554b

SHA256
df7c4c5d325281ce94eb7bd42402e39b817259ed4dc3e5cd8a5011a6fb6da816

SHA512
7a292d1d8e8c970096bd2031939d3ec6c27adcf6c03f26001f5fdefa05d45b5c515721457beab5d6b20f5ef13279b9971fd7b95ae0fef79588e28e8005798866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ef26824e935abdeeaa8d2aa935de6df

SHA1
096618756d877e74eec3583bdb6d9af3fd57259a

SHA256
166e15158fe5b7d87fc3958c809bc7ac0517638177a74dca7cca3e9144f80ae1

SHA512
a68f0b18804b13eda12d5ff2c914eb397264a3867abae990914418c5d0dbe646ec1865b6b4c5d282bea3346741d0b9286b5ef900004468f8a3ce30289daa6381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b86bc983093c0c0fd59b43ff323e9d0

SHA1
1a6ab676ec8447f3742881fd0175524c843bb4ab

SHA256
1b4e6752c2102804b06137a6a8179f1af2a5196ba94114af29f1f3c71e7439aa

SHA512
a93f18a4c5acf227d6edf650408a64f25329db7b5e2d040d09ba0038fd4d015308dcf717fb7c0b36a786d4d1b885ae99b050516e38b5de85b35c0bcde2b1ffeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dee71f42e4d2a811b7b22635c5fa8bd

SHA1
74f610c437acec99708ff8697d3dce404f1db39e

SHA256
4838d43d6082d66371ae34b549d07a1449e9db60a0a18f077d2ba59013d5bfb9

SHA512
49d5098b31098ec044fcf8ae4e7dfed7da9a4670ee695bad8d41c5f4a2b2b99dbc4eee522f42e2fbc2d630cb67f9592268f285f098b01ce2fb269635d8cb2834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e33364ee307d32ea158b507eb224ea0

SHA1
e807576ac53c0eb942cf1f6a69263d64d176ab57

SHA256
6f5028133b32107d2a2659063c217783c867556d89f17d5a912286f25445a949

SHA512
03192fd1e3fc39d4104ba7942e4a6accd5c95d9e3c0da946e112ab97eaf9c1e3e551f2521a028da285da069ce0a377f1b39a276cc5bc6c7a1ce0160f165c8c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB261.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB58F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit