89ed697f3d6b36e9939f0ac715cc1925c78c1882de4ee0801ed2ad4fd4b6d24c

Analysis

max time kernel
0s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fb4ea96836124d98b4d98343ae00262.html
Size

74KB
MD5

1fb4ea96836124d98b4d98343ae00262
SHA1

0ebc26c03b06192cb9263e992a84bac3fd9b1675
SHA256

89ed697f3d6b36e9939f0ac715cc1925c78c1882de4ee0801ed2ad4fd4b6d24c
SHA512

e91b84947c10b3e13c270286571d434f06972ffcf9ebbf09358403b0f60619c81f4e455eed57bc31f12f8e2c67b90853390132c0d30534f87c0ba77ee956e59d
SSDEEP

1536:1nNxVie7ThnvHpgNLvRG/Ow2TmEl0Cf8SZMz2obsZmmSL7VKiPRytHHf:1nZie71nvHpgNL0/O/Tvl0CUSZMzsZ39

Score

6^/10

Malware Config

Signatures

Program crash 4 IoCs

pid	pid_target	Process	procid_target
4488	4832	WerFault.exe	15
4440	1020	WerFault.exe	98
2804	4180	WerFault.exe	110
2212	3224	WerFault.exe	114

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F0857242-A3EB-11EE-BD28-72AC86130FB1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2928	iexplore.exe
2928	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 4832	2928	iexplore.exe	15
PID 2928 wrote to memory of 4832	2928	iexplore.exe	15
PID 2928 wrote to memory of 4832	2928	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1fb4ea96836124d98b4d98343ae00262.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:17410 /prefetch:2
  2⤵
  PID:4832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 6816
    3⤵
    - Program crash
    PID:4488
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:279596 /prefetch:2
  2⤵
  PID:2796
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:17518 /prefetch:2
  2⤵
  PID:1020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 4592
    3⤵
    - Program crash
    PID:4440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:279608 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:83184 /prefetch:2
  2⤵
  PID:4180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 6060
    3⤵
    - Program crash
    PID:2804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:214062 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:83114 /prefetch:2
  2⤵
  PID:3224
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 5276
    3⤵
    - Program crash
    PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:214074 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:83032 /prefetch:2
  2⤵
  PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4832 -ip 4832
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1020 -ip 1020
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4180 -ip 4180
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3224 -ip 3224
1⤵
PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
1KB

MD5
749e7ebc9d8833b73a77a662f272e230

SHA1
70454e53bf0f4e12204cae8a4eeafb75e2f48556

SHA256
a1328519d701e00f058eeefe8232c164e71ff93900215a9710990182045269f6

SHA512
24432da0c98eebcf1f50163f236651888deaf8076a644c887a5cc521faf0aae94434cf8a6271a6c0697804fdcc43b86608cebdfc94da0154f575b70f9411e6f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_14A6FBF4EF7BDA513CCE61ED4B6B9C43

Filesize
471B

MD5
76f8f5c2de84a9cafdb24172b1c8dd1e

SHA1
9d130d8b35436b43d23a4f1d679cb5734e9f3793

SHA256
e76b17a9c4f47363b2843cfdb035693da990a5df8cb891d33b8ee0fd2e62be1b

SHA512
ce8e5f91b594cfe7dec56995399c1c0fadabd7503e31a9767f4d427c657da2eee6a943528abf8dab264c7bdc5bc502faa066cfb41f1365a7fa76c7ce57dab608

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
859d50a53a7d380e70236e843ffc3c34

SHA1
f20b37d93cf50a0b6c0d97eb38aaad9da149984a

SHA256
765a2fe9e54a30cb1f6d1de5badf018b6a6806ca3e6c33157226b947108b23c8

SHA512
957d4f80e086fc32cf899948dbc9bdb78dc2c63de2d7a3b627ff1148af352b0edc6f70dcc18d3a30517901fb72a7798ec302e8962b7b8203997fa4218570d151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
88117a1f7f2aaca4c438339f14d59d13

SHA1
0ada65ee5e80521cf011190362ca76be9c2c3264

SHA256
7cd5aee29fc8c008ca03d30d1fae0b9ff6a0c4274b4d57b0df27b7e4090c99e3

SHA512
517761321315b56a1c30eb4b204891a1e357200e537d95795ec6b00d0ea41f2a18d952a41ff7a4797a5db0df818c4a081ba24bc7729af56fc82773cd8a7500ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
aa3501efe4496a4b95e62a7f80676e91

SHA1
d5823f138743a45784026d14dfa17184cc40b5f1

SHA256
76d2f528923ea43343d505e1a60a327c83010edabac0b75a8b78fb75c6da252f

SHA512
3cfba22da37f3023b0c67e5a29a3cae4685f5792b48a92c0788ac2e45828b9ca8bd63ebd55fa839c56cd415a1acad44ac7add862cfb5c0d702eccfa3f349179e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
e175e17e1d1750364b9cb5802498341c

SHA1
14be35161aaa2c99ac570f4f49013dbfe20576d5

SHA256
4edc3fce78661ab25a857df88434461cc4afe4886d012ed40d9a59bbca2356f9

SHA512
321c7dc320e7840834cc183818f88ccc549348cf71253c6309f50bff50a48c4b193226768d9a633ad1edbf5ccaba2b6e836b21f23ab66bcf14d0d3994e41808c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_14A6FBF4EF7BDA513CCE61ED4B6B9C43

Filesize
426B

MD5
9498cfdb50ebb66ba1a03f3013658528

SHA1
3ca61ef41b7e2947e0eba16e65e584eb60e891ae

SHA256
8aceaeeb129ec8018e9301c80267745f7545829de0d717f06b59e67fb78dc4ba

SHA512
354e5d2dada38e418a3797f811299abb956a956d07640c864de3ddcad1f0bdbaf85906a7dfc5aaf6bae999b5ed722ce4f1b1172b3e53274c2d77a4510b06a65d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
78bf3f8b61102e39ea209d05a31235cb

SHA1
13e179b18eef9df6e8606262e9cafd679de8b255

SHA256
ea8b2b7217d909053c33da02159857cc4334993ff1ba759af81f7b8a2d914817

SHA512
34fb600b87dd6e92bf170242c8dae94e87938ed58af487cd00a1c9f50f4bc1e7269d550ae6c35292c9fcdf3aa0b3b5d35142d741064cc4cef6be39fc8dc1dd60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
fec028e27a8f454b88a72d3862c9a6c3

SHA1
806fc2a760ebe28d34fb5dd1e4bf2990c716d3e0

SHA256
a4442429758e944c0f3b24451a0ce6c5acfcbbdb87515b23bba939e688638005

SHA512
b496d11d78126842969ac4dfbce6648afcb67faa58a74b766d2e61d57a2712914ce8bd1ed4957dfe6b7bb63b74b1455b37ae0bea3e3d654fccfe6c91be2cb014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\qTip[1].js

Filesize
2KB

MD5
76cc33f10dcdc369ad3aab3221b03c73

SHA1
d120a75bcd6a64add4579ea07ca851886f7e1ee9

SHA256
7e6db2f546cc235b51be971c7a90e82e68f441d11eab5541aa2d6ac712ed9c87

SHA512
3e78206f5c5d3d72970f5c0becc698f534d89bccf5ad10a64052989d07d205190703d5006ae203f8ae36142809ad66f9860ff5582166895b567d1eb5667e418c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\loading_style_moisrex[1].css

Filesize
4KB

MD5
a5dedb89c3551a5849a9767087a7eb48

SHA1
3307c050178a3fc6ad8aa68022a3058a78b51a8b

SHA256
8579d30c8295485b91dafaa479468adfeab627688c7e3b360b0e6a9d0a045e3c

SHA512
cc8be2c9371d9e3bbfdbd7165e1de3aff2a9e50a5ee5390639c2d9996420570d07c59724edf979c50240708833cc575199e8e825dd46053c33104abb0553df4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\TB-banner2-2[1].htm

Filesize
134B

MD5
4aa7a432bb447f094408f1bd6229c605

SHA1
1965c4952cc8c082a6307ed67061a57aab6632fa

SHA256
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

SHA512
497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\plusone[1].js

Filesize
56KB

MD5
1944af3661da46249991197817b6cd8b

SHA1
f952df40ec79fafc7c798f37aff92878977376ed

SHA256
63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

SHA512
0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\jquery-1.7.2.min[1].js

Filesize
92KB

MD5
b8d64d0bc142b3f670cc0611b0aebcae

SHA1
abcd2ba13348f178b17141b445bc99f1917d47af

SHA256
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

SHA512
a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\script[1].js

Filesize
6KB

MD5
c40453bc5eb2f2a25ef09a4fa91aab46

SHA1
d074a425f765e57213137e6f358d8c6ab8eaacd1

SHA256
a7ceccfe0ab62164c9aaed8ed0a34c4cbaeab746569252046fc505e958cd8832

SHA512
e4c9b2a5b4fc9bc42bd2654a3f8e3fe160a7f4fff5a721c5d7a449a033c0871274c7929d62d421d80a05f55a2664686725a271fdaf630d4db5e3232d06ef7555

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF50727AB33C1DFB1C.TMP

Filesize
16KB

MD5
33633ada7b68744313be2757d1a2b561

SHA1
c05c2bb0d5fba18292948b6d8ca4ed1f99d753e4

SHA256
f0e25526f613f35e60c532917cb39d1545d5e29803970df68d6d5a452cc388fb

SHA512
741c401a487898060b11019c8341ffc9dffdd99ba2b92e168ad7924a98fe1f6e80a54083fcb1e6c281d4176b71cedf3af9fdecaa27bc0cb6d9a820d040f89309

Download Submit