8f790f795f7ed8036022bfc94cb84c9240e94a7bbf9e4cff66ae00e35ec66a88

Analysis

max time kernel
142s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0783671e82f9ec70411d34f5aae99932.html
Size

18KB
MD5

0783671e82f9ec70411d34f5aae99932
SHA1

b112af3bb9fd5cc8350ac48e3f421e58b17abc8b
SHA256

8f790f795f7ed8036022bfc94cb84c9240e94a7bbf9e4cff66ae00e35ec66a88
SHA512

29e85471a8879d37485216d72842fe0e54aef21a20969cb827ba9dad7c7267940388951c015d2628fce4942b892d2a83781d551951054c164dc8a926c0cefd56
SSDEEP

384:voMeNAahr1AgdGgs8jMaztTLPAuz68MMv07e:iqK1AgdGgs8jJO8ts7e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000007d74ebef7bce1f9bb3cf382edcd6c50de8567e11bf381bd6b8ac51caac0ed97b000000000e80000000020000200000004c3a1fd9bc15b7adb67f1d2192b09c6dac0c389665b9994233977ddc01ec30e190000000c2dd48621b6e4f3251f112d36c19af6a3a128979f0b15ddd342ad420c446b8291a427d961a16d3f2a63111a5a319b77b1cf6a2a6ac7bbd522b885f3961ed007b2e6fbcc84ad53cf67c30554457dd2f2a7456a3122bc3c1ff26ce09b4af6f5f33a9a419306a83d28f1051c2f57862a91463b4404b8f84c900e8c9e3e2b0d9a7efbae1554cd3f6a6080662beb20a3a3d4f40000000e1835b86a02972143cc2e47ae4bff19ad0b85510a7d41323124e9378236595183ff213bb176985f61a5f4b429c2c6a16c0bdc5ccc29606f225d75489de20c851	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409680635"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C58CA1B1-A33B-11EE-A7EB-CE9B5D0C5DE4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f701b14837da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000df62bc8260074b67389980352cc866ed7e54ef4e9df792dfd75a7b6d7d4539d6000000000e80000000020000200000007299dd26bf7e9e5ee39eae42a89ebb7cf1a8c788fc1a15f6f58989f426ae4f9020000000e2d0e045f3c2f06b243bbe3623de90014558a3b78420b0538e2e4275e7ab12ed40000000adb84509a6d917a8264f66e975811634477af9bbf59f93f2c7bc9b66843a120ae92a8c129682c339262032994cf4d39e5fa1fe2420201af2ed0bd4942693c47d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1524	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1524	iexplore.exe
1524	iexplore.exe
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2136	1524	iexplore.exe	28
PID 1524 wrote to memory of 2136	1524	iexplore.exe	28
PID 1524 wrote to memory of 2136	1524	iexplore.exe	28
PID 1524 wrote to memory of 2136	1524	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0783671e82f9ec70411d34f5aae99932.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de1ab05da1c0e536f54b541407cf8b92

SHA1
b90b421bc694372dfdabe303a00f6c3dd8a7d829

SHA256
86e645486d4cf81dc2fde67a33d116d798799589f48106c770620bd781deb334

SHA512
0882ded93f7127bfd7be53dd2411c6587ec41649740b9e5210d53fd91bc5e5d15294358d2074bc39a1f4c2b03c18b78931ade0d35a74b8d8c11feb164852fa06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03265443f5a3d0954f97f656ec24d7c5

SHA1
d333a571db75362c854bcff3476d84d31c8bda55

SHA256
012419324cea022a6ae7f9219e24551b45491193d56b6f51ebd763a008fde81e

SHA512
f739c7a22a50d1b81ddec8f8b3d5d1f68c8cd8b9f11d99569e3881caeffaa3d13e7ff5f98bf74dfedc6370d70c9fbd1caad1c62e19a3c752b896a07c52f31fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8773edbdeb5909c29e67829e05a5c541

SHA1
9b82b3ff23b8b057765143e9d877ee34d89fb291

SHA256
73d092cb329abb4e01e4910f78badefd113c766c4730a3831100f24c420200a6

SHA512
d13f9acac7ee502a12acff59069bed049d21e120296e92a57b5fbaf98cb4a426c8490250a4d39ca62efbef515cc59a8641afa404c61348a8edad42fb6238da3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
956db0aefae27dee0fdad88b56d0e67c

SHA1
02410d1d3fe9cc5aa1d7697adc274a78a3536179

SHA256
2ca1c4464e67d4568c6d498bd9eb056413b6f15755bb53c6ecc608e754494554

SHA512
969028dc8f14508a54df1e9f99e350c9229a93c8db0a00f9b2b450dd04bf5fe778d8a3099e9e730e4ae5e9b94675c3201fd00a724008c6ce12366cd32690326e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aca08aff165cdfff7a460996ca77faf0

SHA1
3a85826bcd30f4da74d4e867e3fd3d00ad12d90b

SHA256
ddf486b9baeff4eafbcf35658846ceb5c3972c42ff8262beb3a0aef421983a0f

SHA512
2df6df16a7fe9dcc5e8f81a5c7a23b9cda653c36efc19ba2256b5088eaa4cc182128d320984e7f4a06300a0a516f4d8b88e7ba25fe5770d21c27b53d83e5f703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53e6972b01918b150d0678a5a7431658

SHA1
57bb6bf910620964fac5e488added3b4a4016031

SHA256
d03716af23dd959e3b5d5e7359c8776188136d0627361d00bc4c4fdeb2c721f6

SHA512
3008c032a7d41fc5e4a231399a78cb30a958638c4d566210619bf32cb4ac96f56620fc201c119e524c6f3d467f6872c105fb67aea5bac82bacece40870651a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
687c412940126e9509d22ded2d074481

SHA1
d4e0948e282bc350fb54ab11121c7efccb4cbaea

SHA256
b1b2d7ca37a815e3c1286500edbd26087ec658a7b72654ba799f13aef24b5802

SHA512
d66e21bca9307c2d5bb5eec97ab76a4b12f710b9b9280572e1e729fdce7a3f1ff959fb18a4ebdadafbe52c05c9fac2ce198c5ad76123befe53ffba188239428b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66e706a4632ddb713e223ab9e9a8477a

SHA1
5128c6a43aa04193107b5b888ed96edf1d190508

SHA256
641ef0f742cee40e5908463062324d4234f5be9a074327e6e5ddee08e09d1259

SHA512
a839561baae67a731e25a56e8598ea6d076fc17926543c98928181483d6078c081ca6584d23a89d8064407bf3bbce2f68b977a322d09e849ebc33f55744c8555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1ca42a6991f84846adac93a3125f46c

SHA1
a7cb11c66e4590083a728da037d1ec0c8b5d6966

SHA256
e67d3d4299f1a3706461b11c2806ef4b850a79c28f2162a443100b1c491bd0fa

SHA512
77aa28f802fec7492f11cd8785dd81c425ea3dbd73ba70004f412db43517c115b0d6d0e04909af2da21d83171fb6c510b66367c766ef940b6ebc1c4cc8147fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af185048e5dc1fd08520ed5185bf7d4f

SHA1
0cb08d3ce8f62948f1f2b6643d944b7fbd3da847

SHA256
7be254d7bb3211351dd0240197e2491feffad6e970c21aa5ae7cbefd57913643

SHA512
fed79e779f4858f9a0aec2518c7f6a525b941b2d0d61bccba6a182e0f752e935971d53f9e0ed4b60d3936775088f1857b58cdfdb72ef8319b5e318a963dc70bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d7cdd9672431173f7ac7889ebe3156c

SHA1
33b8a84b2d07266f25f8aa757557398bc2749965

SHA256
e83a49131aab582ee4ba26e71ddcf8cabb6da2bf6ed96bfc04323c102606d25a

SHA512
bb6023d2c935726d469a051777bdc05313b37d6fc5a9902c5e78c339786d9ae26197b28699a5da97e41e90ada52d91761c94bc6db5d7b08110f24a378f72f0d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a92ddbaef4c3082db56c5c43483a938

SHA1
7fb68c16555b03eb8f61c3c6eb50ec3050a11a48

SHA256
f5dc568d73ff672a139335aaa33f976781c33717982c070eb52e3128b5df56ea

SHA512
c6da5aad0903abdfb88048c5bb6be6149c76f030dad796e64ba8ffca056f6bf57c09e537dad13e40c8430ec70048cde7e481e4373da4e466dfac43ff41dfc90c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed7ecdfa79f517b89a70a715d0c59619

SHA1
281bb58aee0636dfbb81dc9c78bad25dedb2da3c

SHA256
d92850226acf677425381bf5888123c064922e879bfd7b733158e21739ebcbbe

SHA512
18ac382c485719b4ac436157d4db7654e575d79289e969129541d5bafb3e76339abbd57d34939841468687bb264079c2f7e790f018386f178cf390541b737224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c703452b10d3c36cd7332118858e1292

SHA1
e8cc0249955bc1eeb8bd9c091a78632afb01f233

SHA256
46dce0e6663bb5f3260426bfcd15c8b4d679be1f51dfd0c98c90316b0deb2a0b

SHA512
397a7d7e1ccb5e17f4a8734e63092dfb1d3614d97a9c2dc557db48d19569ff46b47ad512f0ffb2d584df20185f482c5c264178e338818c533c4a79df73c20578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0f050770b56c31917a31d1a2d72203b

SHA1
5616bab5dd145b078f59ade0dfe2bca7f868a228

SHA256
8da384f7eee46da2d308d0ed0568d26b07da14183d72a5e15a54013ab654ed0e

SHA512
fae1120114ae960c09bbcb2f3922f8cd56d200645d293a17cede8c8201e1e878fb5763820633e009a4e4bd0075ef06059c2b40abf8a2c45c7180cd3928cea422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8259.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA192.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit