e194d2fbde1181116ec9a9ac2a6ea304ddff38e7beaf81891877eafe12255849

Analysis

max time kernel
141s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0758eb3a2001b0a3ab41e3f205c0e301.html
Size

66KB
MD5

0758eb3a2001b0a3ab41e3f205c0e301
SHA1

f6cccc80bebbf92cfd20d838c01da1adef30d911
SHA256

e194d2fbde1181116ec9a9ac2a6ea304ddff38e7beaf81891877eafe12255849
SHA512

08a18e2b970297325bfa83c8799dd3f44c95105b196f2146f4524365f6e2df20460621151f1f12e72f7e01e2f1ad2d8d0288638a49328898f8a1b532bafad8e4
SSDEEP

1536:KsXnHHXvohp/EelZY0+n+it1+k+NJ6O+DSB59Z7+AiyuolP9cN:KsXH3voPlR+n+2+k+F+DSB5n7+ryzlP6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000083085b926707c7560745278eede65409f7a952c765cc84f71bd148991b40d1e7000000000e8000000002000020000000497f845010ced44ebdad663d51d24efef4657f6d472a5676e447e5eed342a44d20000000568248357df6e1c14fa87fa34fe2cc620d7fdec4a58d53e8d033693effa6462a4000000070d07a5b1ee856c749813bf7d51989d75ffc4c8492a068fd87e7dc84064190d240be68afce4d83206f83f2c583971c4ca9817bc6ac7b060fadee898f8a5bfbd1	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409811259"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a306da7838da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E79C4451-A46B-11EE-8427-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000087b25d506aa72d3ada88eb0fefa81fe6306dc65765047c7c1fec4fd138618ea1000000000e8000000002000020000000f6191c127685eaad733679df0f985e9811981f960079d5b9af493e7d6705b05890000000a2399c8d30e4a975489fbf13dc6c34a29a8b1060bc5362b30c015e41ccb5a5cc853e3217b17083ece7cbb740c69630cc39fafd2061af6c6bcd00765c6eacef97063cdb71c9f2aced7fd0dbb03698b8d6e004ba2b927f1a5657d5d149b07345d77769ad4bc0f2c8159b4d56c5434001350ae429e8a4ebab9fe3ee0d1239bcc917b8dde9f868d4aedf3a9cbf88df0089aa40000000bf7ce3f4186903466303104c81bd38276464d9fb8a60e041d00d3b804db4b7910003587830dd67c13bbf77331d1ad8472c2aa87e2ac27e507b4abde04d63cfa9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1984	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1984	iexplore.exe
1984	iexplore.exe
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1976	1984	iexplore.exe	28
PID 1984 wrote to memory of 1976	1984	iexplore.exe	28
PID 1984 wrote to memory of 1976	1984	iexplore.exe	28
PID 1984 wrote to memory of 1976	1984	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0758eb3a2001b0a3ab41e3f205c0e301.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d3b54c27008c54e165394a5fd786f05

SHA1
e261d82fea8c0f32fc37d17f4be65f43493216e9

SHA256
7799f2fc6524cda95c237b2dc35179fb71589e92bcb2d088cd60fc8fadc64aeb

SHA512
4f82fbf4c63d52e499ba36bb9a6f8c4b5d7c19467e562d797d467bab6f1df05bb236a6d1d56f131ce5fe6061c42a3aa130b4dd139695e48db5d75b63e7f96ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a08dd65ff08d19f74e9c78a3aabcf248

SHA1
69082702225acc2f17b4a24299534e2552cd24da

SHA256
5ab44c1f7fcc52fb9a431b28e855a19e7d132b90830e77a99e8e6ac8be6b8e4c

SHA512
2035291f24d46cdac44a165d5766469772e9e79574e6a950bc4a0404ff24b5bfb5717964d3a890fd366ad85c207e5abf7511906d33f7ea04798fa12f6f0f834e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f52a1be910fb6d9c9576207a223f257a

SHA1
7b9de19c4ea3d0836561210ca393d56996de5372

SHA256
f99bca5b26fa1a0cb486664d139d9d339b586e83d2641252d03c0096bc178735

SHA512
f52f4cd8763328e320eaeeb7106a77b957918ab3fec73721f921bd211823ef4fe1a33b2fceeff156c4a68e92448125ea8b0784535bbffb95d97ee60d7700d555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f782e4157b847f8843c44ad28ff396d0

SHA1
25fc04aa67170b16ed4dfbc83f893aa3e9c27ba1

SHA256
923fbde26050351f757bc6b0e34a2906da61800e75b4f56523b6927a990ae516

SHA512
87d70197c91e0e9611d20ed93c0dbc75056c3ca15da310c294f74fea7d556cf91fc7624be838f4e299501c6d0c59c261125a3e6ea8067fb649ef2ce82e9f775e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7258922976bc1ea1a7acc793e7aa535a

SHA1
aa096775907418608f25ba10d22e9bdf933d39ed

SHA256
c97d70830819d695b8beeeda3fa1063dd064218c702305a8bc703e46db3dace8

SHA512
922c8a9ea10d6c3ca36a7e7bf0c99de8b1bc9b09a378b785ef0a7d2cb3a434e63655708ecb731430646c3548d8eeab5b56a949d696571e0faeeeb08e8c325603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7eebf5ea16aaa046a449643311752487

SHA1
936beac66ebcf7d4c5ce118292e0d12623103e09

SHA256
99ad8699e10e48a7681b0d55d07a20a6baf2fc137a8232f67007ca6fa9e03c38

SHA512
41718df9c1114b777ef2a79865db722da63d518d86e48ba140eac07b03d5dbe2e69a81de552639f71c922a7fb9e2f7dda4d952909e243a43f69749ba4a86c0b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03df00c1c519a4c15bc0757477fe225c

SHA1
e9805e65ab325bd7613a71170d71adad178b2e47

SHA256
8243bf4294bd045be1d04a0d4e72fb8f3372937a7b95ea9e0452d1d90a84440e

SHA512
727c6193785911a41e5374b70ad435c3522521c24f964fa100d9a20aa8885d8e6a88b090bb87ee740121a19e2d13b3cd01cffe2efea4057c10027fb495c1b998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a72ec26a57c2788540e856af01f2ae2f

SHA1
a9cb1a77d075b2487d377735926c668aec9ab80a

SHA256
6858cce95766593087aeda39b89246d2272dd33581a53759e92537c1542d838b

SHA512
cbead73725f163ad6f19096612f1ac0abbab00b63fee46a15085cfd8f74385d130e548ebb23cc48b1c695ce76f91d419ee295e41ab6dc5216eac69fc789ffd43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ba28461f9116ca9c19e98aebb46ccc4

SHA1
12bf3aae2470a26c73e75a1ce39133fa2c004610

SHA256
9e6a0cd2a6b971d5ef62e19df9ab1a337b729911e66ae0c2d3f2afdff3649d06

SHA512
2ee7e6301605766264afab9d17fe700cf839c4e74046bd571d8debe3ebc4b3eb40bee723c9cc7f3fb7507e4d43215eed1b80ce8bc52a5b9e16809056be19640e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3820c2358c19df8f8ce5b29c74a482ee

SHA1
2010fd1563f6a2ac4c4ca4a78364aa0d3cba39e0

SHA256
d106dcf39bcac079300ca66f0181f562a23508c82a37a480ab9a77ae1f54d148

SHA512
aeddde7907268648d177310fb480c58b64c5f6070b5ac167e349aef3cb4de70724a8e4f7dcaa2dec70e630f922e517a34bd0d058ac1cbbb930b9c1d67d12779c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d576631261c444975a33e63142de34b3

SHA1
c8fb77b0a163a46dadfc9b5d5a4cba748b9fd046

SHA256
673e61870d691b6cd5a5ddc76d56785fa504ed289beb28c3bcf446d8a6e10563

SHA512
ae4f02b24f6d47651e34f5061929a391df84d7cd8ab76858cfb618e08b5d84bc97caf4e897a889af10b75495ab94f54f4f3b9ffe97a64e532a5abf977b19a631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
036f028ade5774523b8a9d8387e49c27

SHA1
e7a2ac556f5c53e355a4a35d3906430228bf8915

SHA256
d45094b0f95179db866b1019e9144c9f47749baf5381dbbd492a5eca2b4a2b8d

SHA512
7884673d0db670523d2020573e7e283d9e3d1566fc08d2fb58e2ae6081012820102c18f1b1aee9b2eb8c4712a2c13bc3080dfedd9515f617ca5b3a0e298f8b1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eb26a34f40ce11a90168352dfe1ee3e

SHA1
c4244da749596ec5d237ff5e565065b7f69ec5bf

SHA256
2ce5bffa58d8301d9bdf4805e408240e990434b7366b744c84cf17cab5a08577

SHA512
4e111ac23b525a13e50e57bb48439ea44222528d9fb4ec619e1afff12200ac449a7d9e885e3ec929a01e3a774ee229eb0e0440745f37cf3765c5da707fd46f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53STNJLW\analyze[1].js

Filesize
1KB

MD5
7ac253493bb423c998200493c1885411

SHA1
a9609e2fa2c0a155806cb3815e04e7d81bb683e5

SHA256
9a9e7740476a0ac3f880c61fe2af549303de5cbacf8c2d7c06b8ddd176bbd99c

SHA512
6d9037efdf11262f51e78341f9e7bef99efc423dddbbff53b5730903d062b4d0d635ccb8f61167e531efa6d8ea0bf6be56f6d6cbab8021c4e2dabd19acda5c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\maia[1].css

Filesize
42KB

MD5
9e914fd11c5238c50eba741a873f0896

SHA1
950316ffef900ceecca4cf847c9a8c14231271da

SHA256
8684a32d1a10d050a26fc33192edf427a5f0c6874c590a68d77ae6e0d186bd8a

SHA512
362b96b27d3286396f53ece74b1685fa915fc9a73e83f28e782b3f6a2b9f851ba9e37d79d93bd97ab7b3dc3c2d9b66b5e8f81151c8b65a17f4483e1484428e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBCDB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD8A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit