96ab421bcc40dda53643626ed4815695304db6285c7a8e408f8c833652028576

Analysis

max time kernel
6s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bfae41f49999d245cbf744b6ae0f6f7.html
Size

54KB
MD5

1bfae41f49999d245cbf744b6ae0f6f7
SHA1

29aec0dd6da4ea07f3674faa24b45f2c30ce8434
SHA256

96ab421bcc40dda53643626ed4815695304db6285c7a8e408f8c833652028576
SHA512

ebb0b5eb3223b2105ebfd366152dfdb1162efc1a26c904583f59685afa118413db793d7d68916bf2022440381a3ccec64974f9d2a00b2efb1d41990c6973ee10
SSDEEP

1536:/BpvTmori0LCVx4vVfjz//geeSPAkotq4thiPxYb:prUEvNz//geeIA04thi5Yb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66EDC971-A2FC-11EE-B930-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1748	iexplore.exe
1748	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2276	1748	iexplore.exe	18
PID 1748 wrote to memory of 2276	1748	iexplore.exe	18
PID 1748 wrote to memory of 2276	1748	iexplore.exe	18
PID 1748 wrote to memory of 2276	1748	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1bfae41f49999d245cbf744b6ae0f6f7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
  2⤵
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e8e540fc74a78093581483a6ec0ec7bd

SHA1
03fd61030caf9d8fcbd92500f2e7401212af59ab

SHA256
ff027594a7b23ac3e05a8d5c57e37216763e9773cd82bb18139d20d024994e95

SHA512
8b0c2d94caf9fa5d6ec33329ba11d9e26cfeb33ce1b54f0488e20275d8c504ce6d1d0b3e72e5fbc35fa747d606baa904121e3451d6b94ef4b6fde7f2162650cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a2cc0b244610b7b15ab8dd4e5c1a597

SHA1
09f32cfd59051e7463097e3362fd8e2fe148b3fd

SHA256
9de51a6425c68f56b5711dfe76b8a12f4bd2d0b208191d24b975a403956b9971

SHA512
76079f3d949bc9a0ec2e51c57c83f97f6925dd7b1541434596fc7c5348d5c7a9feb1c1081489bcfb8bc2e7a61a8deb6097272ba3b68739cebaa3e638ab4b3f2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a606ef4c9ad27019f9df966c4ea48cd

SHA1
32b0421773bb39ae0a48d7905bf9d4a89a1ba2bd

SHA256
b222d386b6d3ddd9029b0bff7b3a3461df34bbb3ca5e93f9dce7b1940f25d2f1

SHA512
c7e4ca79568c69a11f32f4bf7cbd7327bfbbff4e6ca446552f35868c29a0e88f161d65d6d6242b6dab3ab91eacf16fc86269bb7bfe40be4b89544f5531dab4d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fecd0e13d8610f0500368d1f79d9f2e0

SHA1
b65b0434358a0f29308e36e2cd5e62698d830091

SHA256
407dff72380e381b6830e0735be838a728ac569d890e875244594b46ab45d883

SHA512
1e3d12a8e761ba267e742c009426219ca55406fc08164a9efce5009385d724b899917f9384b42d0ada53847a1e6c78493555c0f0372734c0837933c0ccd35726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3b4900440f09ccff5f9e8728309b4bf

SHA1
33dd6dcff1df47a5a55001e130d630c47a14e258

SHA256
17974712b0337e15a63e6ce0120946fbde1f3a13b8249bc0a598939b3e277390

SHA512
4becb03a3d60a12aab07fd298673632e69fd2927ad0e4fa065aa380c27cdd38113080442afb63733330b8c744e8c275752bccd63fe2b44a0fe28111634903ae6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
309883e704d3282fb18717267b84d9cd

SHA1
b58c1be0182e52dfbc1766f38b0c2071793a04c0

SHA256
c5ff6aff971b32d01909aeb25b55a65c7dfcb9b1961e77e56dc3e1221ab7ff08

SHA512
3f9a5cc6eade68e09bbd4ed38bd7c52b0a79b98a72a7562fe40319355cc08b677805a5652a8f3a43d986b73c15aacf444262fe4cf2f11cf4ff90a8e63aaf3c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7caad05230a4fcffc20ccdade4c894ed

SHA1
e04f9b51330b180bde1c919f550ed127b8ee1192

SHA256
08d95393eeb57ccad0df5cac0fc3277f96490ac955654be9ad4701c697d20964

SHA512
a9cd59939cdbdbdcb48fa110d9b012b38d1e954527b5609e626f53c2d144feb22cbe744aff38241b9ed10f04148a638453bb63af4a88077e694a7d5b3a88ec4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fa536872efad3493760008cde3994b4

SHA1
d693e22e325ee4272535cce42dea1e3b1f266be9

SHA256
5cc4b63f167c57fde8dfa45b4bd30033f3efc6c5b296f78503dac768feec82d9

SHA512
8949e70866fdc9e0673b0bf0703d9ff666c7062ca13d321e3dd66517110809c3f1fede15628c3da102d6c24f1ad746b433c00e0fc87ac6a9f1a5f6614b1ea45f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23690063d8ac9e31a7b6fe3d1319c03e

SHA1
de29f1c0e8eb7dc533a7e6a8886e319f976dfaeb

SHA256
23703b33b3814ca1717057063b6699d410c35d34fe101d77aa5812813dbab9c1

SHA512
68ecec5809ab8ec99698e275ed9feea02670099a597402dd8762735ca5ac525a0696249edc4472c26ddff010c50cd61c0ea9c607c65467edf94dbce3fbfe8d1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e85a79737ef770b523429c4efc5f25cc

SHA1
920b03016f2ce8942b23fb71800954b89633d3d6

SHA256
5fea4a7a4ea036c05626cb195ca35506592af9a7d56641f9d155b51a0e22a32f

SHA512
c2657f4ae579b6ea33c612e7c5b74b27d4e69b950b60f98503659a7cf267a40cfd6ca936662b2e25dd08b4c67c5b692d2403f862ac3edead4cc39e92945fa867

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49e8c5547090d2b0b438c7cba7eec1a

SHA1
45a4256a9c342fe897bc075c51901c1a04ecb5a7

SHA256
2fb89e3fac849f2f95dd652e2bf332df875f956cc6ef981454590023f3d37aa6

SHA512
dec891944d44ed145dfaf441da9d957130b787bdce85af64450ffb620d15fc53715be62d4857fc691b079ba9037de5995a054859b5b8d692682687b79d2c3d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cca17989ad35f528d93fa636c85e0cf

SHA1
172d30221291402e0acd21a8d1f3691a51c1d17a

SHA256
103dc78813ff43a90f125fb5befd1b61fa2bafe69c26f19a3780b8bb1f50d45c

SHA512
d46bcc1c1b3b56aff799ea2e437bcda8c9f781586d5d8df63914e278b9d8a0794e7207dab2488c4d9e9c64ce0d2cc337870c2afcd42cd4d6f6c98843c8586910

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36b1226cfe40269881a6790a2fa0194d

SHA1
dcdca28b178591b194aa8717c948bcea81f18131

SHA256
742bc3089acb98b012947e69c8f0fc99d66771f009f474ecf29acfbe65e93a80

SHA512
b429feb7b7cccd1e8971cacb5f389f8194309a1f11d2a715c4732ec9adf3cc634925462e01b4be0824ab1a7f96804933e3dc96b2653efb48fde63c344a669b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25eb983aa5887ef0550d60943739f239

SHA1
624999b02476268cd2eed3674e2dddb9eaefadbf

SHA256
5b9b384ee25047cecfb35135443e0c25d8c096a0f907d29b99670d0c7d9dbb62

SHA512
a159d7c06a645b89c443a830c6433e033f13fb3481e3be196be95d7ff25d211c3a3352fbcc5e6b22875dde4b9cda56cdf29cf49f5bd2724ab40960209274576f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED4F.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarED50.tmp

Filesize
35KB

MD5
60d0994edcbbca64aaf7aac9b53cb727

SHA1
959fcd1882a29e3fd20e4386faf7a561bef2ecbc

SHA256
a409c1ab228441831bf8d283d6ce67b3544c1befb15778d55c91eca560272327

SHA512
6cea5c6322de1bddcbc7e76adb3ff6b9626d2959455b0f5afa25908f223a77c562de0e955593baaafab0568f9826c4e81f6d8f211b8bf8c3c7f6710004d8941e

Download Submit