89ed697f3d6b36e9939f0ac715cc1925c78c1882de4ee0801ed2ad4fd4b6d24c

Analysis

max time kernel
118s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1fb4ea96836124d98b4d98343ae00262.html
Size

74KB
MD5

1fb4ea96836124d98b4d98343ae00262
SHA1

0ebc26c03b06192cb9263e992a84bac3fd9b1675
SHA256

89ed697f3d6b36e9939f0ac715cc1925c78c1882de4ee0801ed2ad4fd4b6d24c
SHA512

e91b84947c10b3e13c270286571d434f06972ffcf9ebbf09358403b0f60619c81f4e455eed57bc31f12f8e2c67b90853390132c0d30534f87c0ba77ee956e59d
SSDEEP

1536:1nNxVie7ThnvHpgNLvRG/Ow2TmEl0Cf8SZMz2obsZmmSL7VKiPRytHHf:1nZie71nvHpgNL0/O/Tvl0CUSZMzsZ39

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1164	2796	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409756323"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA0629B1-A3EB-11EE-943A-F6BE0C79E4FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2780	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2796	2780	iexplore.exe	28
PID 2780 wrote to memory of 2796	2780	iexplore.exe	28
PID 2780 wrote to memory of 2796	2780	iexplore.exe	28
PID 2780 wrote to memory of 2796	2780	iexplore.exe	28
PID 2796 wrote to memory of 1164	2796	IEXPLORE.EXE	30
PID 2796 wrote to memory of 1164	2796	IEXPLORE.EXE	30
PID 2796 wrote to memory of 1164	2796	IEXPLORE.EXE	30
PID 2796 wrote to memory of 1164	2796	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1fb4ea96836124d98b4d98343ae00262.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 4604
    3⤵
    - Program crash
    PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4EC9FE2D9DE3F5262F9C54A2A6D2720A

Filesize
471B

MD5
75003d3739a800e490b15b15d61ef40d

SHA1
ce4ccfd584d544aec9b68207fa77e8fe7ce82b0c

SHA256
c7ce933136b99bd208339dc4f4394309d0eba91427c51c6d2dba1e9d7de28d4d

SHA512
fbb4b94d8bb9e647a171147c9e83417f496bafda07b48232d99bfa3464390fe3820f6637704f7c4e32c3645338f05e2d6a301dc9b6a16f9946d177d687567b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
b4fc86bfa9f83e7ff76658d4c9b85b0a

SHA1
873407181a33219882677c57f6224ce64ea5c798

SHA256
be636ce3271f4bb6368aa07d53fd040e4f3d2db418d235a21253cd190504906f

SHA512
dfc83c04aa0292dea0c2c32626eafeacca0277dd1be330681d9485275b95b1eb8e0c9c84f437db2f1835362b87838e0cb95c03a5d54fb7d292a97d31c3345b34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
b98d17ab0a681d65efa1673d25f49065

SHA1
3196fd608f7808a0a26855e88c17af2dd1bc310f

SHA256
636f43ace6df3d387a38ace3a7ae7e961da01328e1ffd625f043336247f7523f

SHA512
70998074cad9656fa37d09a3ffaad1304497e97b4b469fc3a9b84ec759314874c60f2888b19d1dfd0e386c6ea10389f331543e36f5a54603cc6be94e670ee38f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f747bbacdca2af40dd8263a5ea27cb10

SHA1
4ce5f9ad042356af5fe9e14bacd2d8e90a0c303a

SHA256
309ba50575a8988e622b93d7552ea0721e163f74040bb3208b17d06ee5a3e8c3

SHA512
8c87568cd1c105e329c59c8ac3709c8fdf418a543ffba6630c8621a7d21ca53d590801ab422102fc4f10c553dbe0091aae95a4b80e78bfeb6c5578b362f2a68a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d817a5037db6192bd8ee98e0217d3aff

SHA1
daed7f14201a6c2368657b4cfdc180e96a44ff52

SHA256
970a1a9dbb12e8fdc756ba3922e19271c12c45f24451856b952b1581727ff0f2

SHA512
8a64f23dc5d5cc5316022cae85ae3242ea33f546e0fd14411698c6662267f380ec23ff036384c7ca6b33bb32e86c08e3886299b48a01fe1618c6e4833d42285c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aac27a9f83a4c5153d538a8f55a6e27a

SHA1
22f7e5216a7ee5049bdea284f33766cf53aa7c89

SHA256
d193e30e5cdba10540326b61e3bd555602b6c5dce0a79d1e9bae84288d5ca96e

SHA512
a1f5436f4889f81f4032bdee9a9904cd53dd7c0879b26fb46d406ab2d6d853c9c3c1515c553afab4bef634e8b5495fca1e4ed09dd5f6b5221a673155fc5c4577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97ceb779500853ba4fd9362315a48cb4

SHA1
70dcefd3121aee68e6a09eb956cd0378fd510be3

SHA256
26aaa19e71af2be35d0429defc719fc7a925acb450b1bf20154dd1638ff37f08

SHA512
b64c6c42df7d8aed54d1274e85b277448042b75f9e0b2bb157b79184179d1f8cbf47443331b8384944ddcf0b80122e080b950feab42ef1380be05cfd6b41cf94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e61ee1c05825ccbff124f33b592133e7

SHA1
4cd6355436f91924d17af32bc30de5edd497ab67

SHA256
739645aab96bbb8b50fd0e70c663e26419da35d322fa45eaee5ee7de5da3dee8

SHA512
05372e88593314dc1f223210487bd530d4c4fd9e9b848850ff2fb61731d8dd56b6a563ba2d4fbcf6fc38628290c9fe12e9b52ab3cb2d3b7d03bc6b5882231b8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc31b512032836ce597a183370958ad7

SHA1
47486617454f2aee7f46b9d57c5a36533a5e77da

SHA256
4f90d5f7b61cff3012dd153a31b1b95d5b64fc324301ae8d6b232271151313b5

SHA512
d658ea0be96cf0afce0afdff0ef1ba6db4a53a3e8c2b0b18d9261a2540a3381dc8eeeac6fc580c871350bb3beb3e8984beaf1cf62021d6f76c3d2cb3205b3335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b29507cf0d82d9ac92c143b693c96ba9

SHA1
3b44c652c915510bbc441bb7b6aacb502bca395f

SHA256
48dc62c2e7ccce62cf21ec18a798761f690de3632017a9a52326d4bec1a8817d

SHA512
79a455c76f127ed60356c25534109e6a85a93fa61262ca8ed86befdc49006d002e57ffc93c8aea19360a3e47f61e6b0a5179cdbf2615425ff2d08a199746467a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
8861d54cc0c18cea533a11bf570e744c

SHA1
470e27697736a5957b2bb12beaa986fd44076e20

SHA256
c13587c9c567bb327303020a1a541f9efb305c34d4e448fe447f97473f5440aa

SHA512
18ecf0c6389af62a505b98df3b152e493b2427e2989a9edf6d364c147d8b598313564794ddfdf0e057effd8596ee3b25711b355d283f457fffe9449b23f2b161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\jquery-1.7.2.min[1].js

Filesize
92KB

MD5
b8d64d0bc142b3f670cc0611b0aebcae

SHA1
abcd2ba13348f178b17141b445bc99f1917d47af

SHA256
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

SHA512
a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\TB-banner2-2[1].htm

Filesize
134B

MD5
4aa7a432bb447f094408f1bd6229c605

SHA1
1965c4952cc8c082a6307ed67061a57aab6632fa

SHA256
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

SHA512
497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab78F9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar791B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit