bab45110e1602264c93f5dab00cb1765b8dd621ee3a966d6c5f42c470da05fa1

Analysis

max time kernel
19s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4433a510529e6f5cfe0e49d011b06ac2.html
Size

7KB
MD5

4433a510529e6f5cfe0e49d011b06ac2
SHA1

0ba903ad8c5f98450efa20ef8f3a1e2dae391a45
SHA256

bab45110e1602264c93f5dab00cb1765b8dd621ee3a966d6c5f42c470da05fa1
SHA512

9edfaa49b415bce066d10c8aefcaeb837a15945cf9f230d6fc9f3b7c0b44e047ca2307b6bbe27c636c8ac14916aaca3f10b220b271fa01615b545065e7dcb71c
SSDEEP

192:ln8uqnGDSSW0nqbDRijCyPGJIDbhOIu08zXSY2uD:ln8uqnGDnW0qbDRijCyPGJIDbhOIu08P

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AE3D481-A44D-11EE-B5B2-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1880	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1880	iexplore.exe
1880	iexplore.exe
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 3000	1880	iexplore.exe	17
PID 1880 wrote to memory of 3000	1880	iexplore.exe	17
PID 1880 wrote to memory of 3000	1880	iexplore.exe	17
PID 1880 wrote to memory of 3000	1880	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4433a510529e6f5cfe0e49d011b06ac2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b1d1a80f47aa538c00b596f45678bd3

SHA1
1d564366938428b75490a14ecd9b0fba436153c4

SHA256
99a3780cbc8c1328084ef4ae8d94f3c897bf148efc53ef7f54bc7409985b5a9d

SHA512
50c32b00f2785548ac05bdcda148db518353f3c40cf65b148871484c40bcc9138ec5a65c0298aeef7a567b7ea8084966ab32d197c46cab462e3e225a13d5fff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82f7a3f48d152a82c56769f85a2df515

SHA1
e7051f6c72a067c9e0b876df4ad5f170471b738d

SHA256
9bfa064f34c43ff2802f9d0f292420497a8cc2be3a94a2f01818cdd280480f40

SHA512
2d5ef240d5d4670b1ffeeb6a15b008fd5f6676861690267828eefd0112d3f2cd9a49b5baa071dd982df934c0c0421ac49434efa0ee1d26f4486052b1c234a8aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b80bcf35a23ae54685cd25eca1f4d799

SHA1
a4bc2e06db13f8ab379f3df30ecaaaeff7ae04a7

SHA256
824d4585476a5481a99ceafee96091a91e65825952c6dcc338caf5efac052ce4

SHA512
34da5efd8f61676cb0755cd4dae6ad7e7241828958c35175d25cb9fa927e97f7fddda392a0530e6ff0b59ec268feecfce173908d7c59f90628b2482c6ca02557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4585a0888c302bbb8dc87228d29c10e5

SHA1
140c31f38029345f60a4782abfaaf811cf1ecf86

SHA256
6f31ff3af199d82bbfadd266bfde5074047b79f7bd8a39331d36061d153ad59f

SHA512
b32005b8a9ef5f0af6bfd0c0690cd2c5475aa0f04c45253395419e352bb4507d10999c741a9fc6a2db6fc0b22a2e1220c19d807e79568c92b614c8d5fefbc922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7371b786d384865fa3888593efb0d21

SHA1
f178009cbfafb58295ca73fc5175ae864004d82f

SHA256
68fe90cfcf0fa669e440e80f9134a7de34db0eb690a4c3736e6b7b0afec58999

SHA512
20313556b1f8335c6efcc73081f525c62f9f06707b1c1d6fc866aead7c26802af10dfdd8690bad450cc4ec8535198110af7eba67aab8e86bc2e0be6ffc2f503e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb683b854bf864f9c8fffdf59ed18ff2

SHA1
84440532418a5159ff28681ab3dc215fdf67dc77

SHA256
1e799b6a3b2e04057fd0c3c015f18d86e4c506f4d67edf243ec500a80955d6ac

SHA512
2063ca1bad255179f535c83224a0e542fb3de44b6aebe0abba3f7685cdbdac4c25ed01673b2ed4cef05691af3912a4655e967e8e90692484f8bc222f0e9ba9ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a6929009d8daafb4e50fa0fdb141824

SHA1
b751e2a88f5000770c392f43b447207d282cceeb

SHA256
1e52d80ade26ba859f35615e1749269eb93e8a4f4218e51942ce7214203d3c61

SHA512
f43a65339e688ebd4a838281206a9678dc7ece6d41f60f73c6963bb9cc6584aceb8b51b719ac639f18f11158775e675c8718e91fa4f3a77139c8a3d4231d49d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d09bc8e314051098d08b774e3ecf34b

SHA1
71e38980c980d641637bbf7d01571ffda90212bc

SHA256
3548b3ca540e392c2ad93af9afdbb0dd65e0b25de98b0cc2c7bd7f09c8b4abe5

SHA512
f9ea08f78d293695e74fe60946106b631a0451976416f8026bd04fbccf37c4a67e8c906fab284806961ec7c72204e87813aad99ecb8e119975eda402859ad089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5f6f846561b763b000896913c32c2a1

SHA1
47314b9ae0190954aa33779feca1e847c35d814b

SHA256
d1129c5d738ba2718c1dd90c6c933322ae77de2c72f0277b1eed227633458484

SHA512
013e5d2190e3ab576450641cd05c632c89981ef14fe976f884814e94fd38223ffdf4eea06b80e8cf17e987e97e8417a0fb8f6ede848bc4eeb2203148ea7ac619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9838e9cbd97e24233b6db334948cc8ed

SHA1
f0a1341b290e4bcefcd59eae2139a976b896150f

SHA256
db3eb244c6048496995ff8806c48ac38ca397654fe32f9c10c9f3f811cf22dd8

SHA512
aa9814f0d2c09aab1c7e39cfa339e4b31ea168fecc25fb9a81b5322c7ee05ca52d80e1e5040c1e762b3b4ce0c396bdf6fc414c2946bd2bf4f381ee3484951b17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9c4fac5823a76d6a17a3073f0253ac0

SHA1
cd88d6aa391a5944c3eb549066994194534cd637

SHA256
4fb1542a7a4f77239ea4127db2d7be9c3ffeea533c59a48e04a2097c01cf6370

SHA512
4408719db2dc62115679f1d4ef72f9f5fd49908a6310ec7e95cf2866fb7db10553d2d2b9a0dd4490add63f29ed7aca88732314d6c0e5b289944f8741ed455ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86f215b767b02e7b3c34411f8714855b

SHA1
3a1886f22e097c015fd70b78312b1e82def4d345

SHA256
15014b075fd80a5b96db8d639a729f13157069414979f5613c3f9b4e37238d39

SHA512
9c0fbeb00f929e9a3306e531430347847c2099fcce0895c363559095c1fc70d2e0a38dd0dfb08d91bae4aff7e028d8779d82669a8a0c6cb023210a32a6fc6e34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
805f116f56c29142253dd6fd42dc3c60

SHA1
0bcea0fd6a3a04a9010a358004468c7ab9aed04d

SHA256
e766fad34da95387e346cb8c570c85ea58a582bf0f6c3bb178dc37889951075b

SHA512
4d875d17c2d5c51a017958e4d2411086805aa161eebc44bc07cf42d38474787743a4d2da26af2de2dbf6954d00250d19c4612016d9859f2f3778773447040e11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd77e5d2b51b105d537e5261498d0863

SHA1
c794933a6b30bd90277175c031ffdde25a9a2c7b

SHA256
dbaa9091242a94fa4cb18e1a29eeafe23827613edd80ffafc5a6b4af0562d491

SHA512
f8165bfff7f850c103a1b854479a719981a1369bc18d8f3488aea5e62fcd10cb0f2de05e2d7270d56353b868b3a9a6bdc522c1c9876685857a63e3fa0162823b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cc8e71debf10bd10e3b3832fe884e6d

SHA1
e6e0e93b878d92c181a6342220dc0ef4ddf05880

SHA256
f7826987f3055f17b50568ca6d37e8d30d11604c6ee83ace02b6bf3a2a29c014

SHA512
c4115adbb4f4359e9a31e66edc88b978ab52f18d405b75239e300649647df8eb1a2b3e8f6a32de543dd588273a01f8fb7d6d648c7c691b57e7c4516f898bee09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20bd926c7e9ccde278ed12da64c2d902

SHA1
fadabd130b7354e20facd10c8294c9ec93dc8828

SHA256
1fbcdf854e531d0c01ae39403ecae92ebf8b49585d85d31a0b872c7a593db651

SHA512
6ded283ea13d067fe910f2b22984c95446c3411c9168be82a723ed6d48af16254647c55faff49b8d172bc44bbb0b0eabed75f790d5ac463761654481a4fd9b8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebbe249feaff78b89c1651ea858951a9

SHA1
50e44174d17be925f091f9f26a2402b60ae4ec5d

SHA256
43a67d31be66a01491c467c861f16e07f8a4cd675fd2aba15faa30d84b9c4982

SHA512
45486faf0b4d06488a6ff83f3838ddf252c581417f346371d29ed482c1ee08938160bafb70d4c48cdac3a45857b72f62d0a9bd84dc28a28877206ae0d2f46ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de98d054f4556915fc4162f6d42a80b9

SHA1
0d8117803c669d2a18a6b6778c138223d7733c8a

SHA256
7992247df3eb9cc33f22f793a314f55e808f94ac97a917ae89119187acdf033c

SHA512
149b5532d855f64ca33246a298604ab2f0addae16379c03a0324aaf25885935f5f88c38afc2587ce1ba16f77c93199f12f8b42a4cdaa636dc6fdca6f69987959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9EA2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F70.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit