a46673b1ac9b9a3d5da96e463ccd52d1c512cd90477d9a3bb03b19c6c734b559

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e17649819a49db125d6020fc78a1643.html
Size

19KB
MD5

1e17649819a49db125d6020fc78a1643
SHA1

739b18078ff0e974d746935856206ed431ff52ba
SHA256

a46673b1ac9b9a3d5da96e463ccd52d1c512cd90477d9a3bb03b19c6c734b559
SHA512

33fa4313bf72ee0c595a036fe2fd231e48f806b16c3b9cd644a176451cad303df51f2b2414625632d16afcbc2bffaa704bfbbb326d873d80526415dea0ba8e77
SSDEEP

384:qvW1kIk0qGq1CRqLh1k6A0q6qRRqLR1k660qnqSRqLakJtsFS9jARPjO8x0md6Co:IW1kdz51kDo1khZkJtsj5O8xc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409747863"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FD91411-A3D8-11EE-8E99-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1848	iexplore.exe
1848	iexplore.exe
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2664	1848	iexplore.exe	28
PID 1848 wrote to memory of 2664	1848	iexplore.exe	28
PID 1848 wrote to memory of 2664	1848	iexplore.exe	28
PID 1848 wrote to memory of 2664	1848	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1e17649819a49db125d6020fc78a1643.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d80c0012d6d869bbc5b2729096de40c6

SHA1
9a6a4230c164ee03db5e1279563ebb0acd3ac5eb

SHA256
f42d148b01ce2fc59a6b8ef8effce31987d9893790eadbad75ff9a7bc2c1e9b5

SHA512
d880c47277330c9afbbc1b9b6d717653732b8527dfa7b3e61d1d9d8baaf1bd5522e98ec32c6c8ad8d2c7faf1b3c731b2c82b6fd8704de9f0538575f0f56cc61a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7d79d9429c4a539279b3960cfcfecee

SHA1
178fd4a9957370ef93631f858f449af7141f0521

SHA256
124232a0541324e5437c9ccd311b0e1a875a1889a7be8102ae48e981543564a8

SHA512
8044bfc237e2ee902e11a901328ef1cc43c6a8f01cdc0bf2e80a38b7cf55b6304b2f235376e02a282e37792167b829f06b68a92e03bf8459ad374f066bdc2362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1dc66013295293bab436c4980bb2026

SHA1
3f56a03c2655a2dc3e57183740afce95ff96dca9

SHA256
55d96817b0ee2809633b2694e2ab1f6c94322b8122937d6f7dcf9a53d71f7d6f

SHA512
3e8e63449cfa2e67bfeac8dc2cc36f30ef5739b5bdd9b9a8e206786575cd428f79fd46e14451084b42577bc7e644a36f86c1c780b0c3baa0f28c3fad84c9f07a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abe150a94b020a7deea822d531146a57

SHA1
39372e9d168617c78b8c7c915caa196005964110

SHA256
f68cdfc9bacd16aa88491bb4ca4a182a5399e6f76eb1b9e1c30fd6d9c8ba5c02

SHA512
fc6e93198da7af6f386d24f1d0f58dbf116090b45324d5e1ee7c6b1546b98016a776ad8a1ab36243849c1a442463727768e7f20cf86d4ba3c655a30ed8377636

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
943d703f9db7832d1e0ac57441f28001

SHA1
f30ed7b8c33a6fff4edfede389cc038708464a22

SHA256
60c1b6fa12c3e3e19930d75d713ca35c4dcc46fd6056e2431d776378cc16987b

SHA512
8c232587f3d8d104a808150340b199feba53d790df08b79a3baba437b24c4cefaf233a990e828bf5ed616ee7234f1a3befccb1cdc48c0912bab920b084e93f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
014a4d98b3ac904ca3be213405667794

SHA1
b937746c7408f7f960ae04c0ea87b98c6f2f183c

SHA256
aeb4fbe91c827d7bba76d9fe2c7884c82990238f0ce2bd2f11b1e2a559796b9c

SHA512
307be071e59ed7e97802632e00a55fa8366105e555837e8fed4477ed1d6912e52bbebec9807eda411afbbdc69b01861c435ab88a9bd9f0d5c8a44f63c3b35432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ef77621d92a2f0a84eec0cb74ff35e0

SHA1
2585b1a86d5233fc458578b0af01c3ed45e40d49

SHA256
4d9af13783508faf025147b16ff3fcb8e57de0e0440017665fc210982ccab91b

SHA512
eced42c20ef56f8b0a3f114ef08d23f2490edf5b17c726e5bc509ff64605eef628fb1e21ed6b8d6fc37efa674e950f5a52274e1c6adb6241714ba1cd12f8506d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69eec526c1d4134205a80b43437c2b38

SHA1
4f0b13552dde81cc28b35d2eaf7f6f9275ae2bca

SHA256
c03ee6a0e25de9166b5b523d767634d21e2c465d355294f76f534f05d43849b1

SHA512
d17e9fd5eef1a0ad31f7adb2b72e8670de3c75e7a82f87b2c41221b587b161d1bce77a80a3fb258337475de4e7e65b2729b3be8b06a6aa07d5a5a769befdec2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39cd487068fdf30c78eff6d539b66b67

SHA1
5d2f8e710b973e13a75faa064652ab9fb05e5174

SHA256
161d09f15b0d97659881d591aeda4623463256a7fe1af22d94d6a774a8848770

SHA512
dcf505cedf9a15f1875f358a60f08bed408947a0a8430e6a0a0673489ed4f8e82d862ec9f6c3c2438bfc38b1c17f1b07edb5f1dc0e51977035ae4043ab534caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54b3297ddbb7b11ae9b9b46eac3e8ef4

SHA1
b73f950e4239c692d1d23ab4d8b9088018357ddc

SHA256
8c8fcf32c9bc4195e48d88a5868021438372ffe20ccd65a867a3e34359496212

SHA512
3f6efdd74df988312f9c538863ba36db7d235ff3bf970566fcb144c0d0c8433e6c551fea0cf12368c126f82eebb08802d7736fe6ff9a18476566f5945a3a609f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
366d279b121121dc90afc897ea25cf5e

SHA1
0f6222ec9df08df7b8d7ecb00233ad9a576ba232

SHA256
39a0443c088fc737a0d49ede0e48fadda7d68fd01a5bbecffaa0339603466793

SHA512
9836107cfeb9970c8c9e336cf705c803bbb68f67080ed27eca0d3de64f522e530a83e2e55463baeabbb8e6aa2a96060dfa0945eb07c9ca83685f5f45b3272f5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55a566f99d54364375624b7bc8f29735

SHA1
827dc455b8c66740396f20f2afc6f770b6d13870

SHA256
46e98b21d742bb889b72b45a636bdc4b7dfea6c1a27926907e6416dc1942a335

SHA512
9b83f9c5b35b6259b7f603ce2bf92b9ff34867df2ca9c804a686608c0ee91ee18119cb54dc5a5ad434f398f7af12dade3fd0aeade1ccb3ac91a414095663c7ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fbfb539694cde55a5cdfcd6dc770ec4

SHA1
7a7ee342500cf809415c05b6764452d1045ada89

SHA256
df5529984530c80d7eb1d64cf12ae4f1770c5185d3fbd0daa072b6e99469db4f

SHA512
8445b41d754d4cf8eb5a914d8b4dfc24b31fb34a36caf83ae3039b86b0e3373c01f9dd862b25d05f12050d3b629c1255fb952bcc6909a7d1f0dd97a79728ec38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a47067159b6dc176edfa0e6cd6d980e3

SHA1
0afae6f94be420f91cf427ceda37124786c67b77

SHA256
25717f81496d942f87b987a1f791e1e0ecec287d21cd773ff852f073e2477bda

SHA512
c273a9a67f930d56e61295d6b1b70d941b50ec342133c7e9f4cfc3b61a1fabdcdf621c262246f1d2032139c5a6fa5eedaa0ca658a37c9060c8628c9b6e20e9ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2207d3165cf1f2d2c30d4838091d19f1

SHA1
bdfc6211ee6eb3388c2975c2d58fa17b36ac97c0

SHA256
6008c4d59a584b6f071e636ac24cde1c5924046cb22961766d34a4dc8ceb6e78

SHA512
26fa2e7979a5e6b53f1bffb6f4a7fdd2bf0b3b7fac95d199a509cdc2bb7fdeb4d8c6efc111d34660987b27c73c9f4779d6fc0960f819e5ea17bab996173fd722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
076cfa9d25f3ab563d8e25936c87cbbf

SHA1
c3bbdaea6fc7c8e2c8ecc720d3fba1c39a8cf133

SHA256
87a8dc3b03ab2a8e8e9fdb91172417810fd7f68af509a997eb2dc62aa770ded1

SHA512
bc34c5c2327d3d146d17adfbaae036aeee805fe29ee8fbef53c78173387a92990893d3ca2bcb57f003e491da2eb91ea1beb88e547a15f81ad4b296215e453511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
774e0b85e20c351e1e5f4d194cfcf460

SHA1
f22f052b627e67470190c0095d3bff967409912c

SHA256
81435b72ad7062fff0b68849f9a2da5771e9ce4aeb83a10278c3ce616eab9e70

SHA512
5f3aaa7265fe66146f268f9a013520c08ee74006bd7acbb2a9babab73d26e07e1a8e56458d06f0ef0a261e8cac23c692d776849d1c49308997d52c4a2e19c033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
249f7c4964cb1aa9fd037ead9c415deb

SHA1
bf473b7d4e89ed979d6bf078a42bf2486c803af8

SHA256
a771b0dc93660b67375612089a1b4fe6c9d9229e0e286c43f5b5cb0971e3c6e8

SHA512
9bf8a73330e605e81c5f0e79c9a47e8b7cc2678698a001b9dc77d5e9c61354f0cc132566004665e529f118b68a21be4382cbaa21c0c4326310e78c16edbb70ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df4bd521a01487dbe1ac0a7139e54638

SHA1
8c4083ee2c161cf1e3cf3ede7c51fcff78956dc8

SHA256
1fc5757a9ec61a050338689ed6abfe68f8a06841345567640e16b124f70bc016

SHA512
4a8830331264fe7af6d3a0a13cc30e643423dd903720fe4345c7b16720bdd353625b527cfd98926d8e304dff5b722a6cea103d396fbc5410d43232a479ba72ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12D5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12DE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit