c98fa7f29fe4d94d094a8b4dcd5aac8937e69020b7497309b038fa916e795b1a

Analysis

max time kernel
65s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c76962ecdec98bc1027cb27117f8979.html
Size

6KB
MD5

1c76962ecdec98bc1027cb27117f8979
SHA1

4dd9be4b798d43f8fc47e138c429bf3b2720a4e7
SHA256

c98fa7f29fe4d94d094a8b4dcd5aac8937e69020b7497309b038fa916e795b1a
SHA512

5314c242ae3983e1e37b97d834ebbb7f7aa9a6d25cf93f2e262cd8c3831faf6aac73e035ac606f0551d309b937e12e6f90020111215f644bc063e704d32bf0f9
SSDEEP

96:IGDAzlUPTN+0tkcwjb5hNhIzBQJe/tJ22Wlftc3HjIU8aT/WemK:IhUPTNZ6cwjb5jbJALVWlF2jIraT/W3K

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73C698A1-A2FE-11EE-B59C-EE5B2FF970AA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000008beec8580b2113574ca3bcf7894cbd78b3db15bf65776b3d69b8b3dafb84f258000000000e80000000020000200000009376ad8877c86ee0095d62d98e60bc7d9605172f86a5adac0890d1af32cc57d5200000005463e9defa04b8d25eb71c0beb372c056dbb5c0da92d4949233a5677c922e85e400000004c486d54e080e7d671cb8ae3f13b636a959f52078649483c9ef895dbb60c4a5104c3dd0d77364dc43fb8b6691bb9b4ec8b35b2364da6890bc7cbe8b50c98ed16	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000fda877924fb70820112cbd810e98ef82cf02f8568fbe6b7d6bf3d9b947066ca7000000000e80000000020000200000008ea91c68fbe1813de5d3716a21afbf31d6169c9ffdc367bdea763254e6f71cc69000000070387cb796f09f9505260b8c3768355f251838a6cce2d3e340e25ac2567cf50713218a669dedfa5da4c2b7f535bb1ebd9e8b10557a9d557a4f18e68a2ce20262f3791acc459f007c77444a9427d689325796b5952539499fec1dcc33a7bbd7e43e2e6328b8c885cf28884d94d550b70c07b758d1cbb0020b012a32e8891fa7eca4abae0b44c907f478aaaa6e5c22519b40000000e68eee788be8efb2fe3c4f2a005f14af1bcc80afe1d367d2f49357790a195e1b7132277fb38c00fdd9c2b90fb40fee5968d8076341f2bc083d0d43ebf5f7ff32	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90982a480b37da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2080	iexplore.exe
2080	iexplore.exe
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1272	2080	iexplore.exe	16
PID 2080 wrote to memory of 1272	2080	iexplore.exe	16
PID 2080 wrote to memory of 1272	2080	iexplore.exe	16
PID 2080 wrote to memory of 1272	2080	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1c76962ecdec98bc1027cb27117f8979.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e89be94f98c032a3acf9b1e15e3169b

SHA1
e5968d2c34ab2c137a9285435306d777391b8cda

SHA256
1d1464bdcfaff3a25587e45654a7acb298e09af59921473ad3e49ba105bd16b1

SHA512
ba7b0ed97d13030125ccdf7d1a06ffa488536d573b6e54a8b443ea9f6dce3deea0b8fb74801c82a11a3c779e7afe4cb3c8ccfc334656358344440bd9be624dd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd5a5f0f43851791d97a535529b54b5

SHA1
5d077161ab99c3c87bd994c2ddd03ebbfe4cfddc

SHA256
4baf5950fed67956b38c7c486809de9d9d7ff6409da6ba78b1d313c1525c398c

SHA512
e56b4aefe63d8dd7057d07d98cbd69d70c0b0e2fd6582052b324a088102934894bba649ddcda3809a1c7c5263a0e863602279bbb5a3ca948e65b635e6fc774c6

Download Submit