cd95229471f28118eb8f39453e9f27315a259bdd04217c94d1bd5325443cb208

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7e02a59207fcf0b03a07864ca38fe7.html
Size

967B
MD5

0b7e02a59207fcf0b03a07864ca38fe7
SHA1

1b93886f6c7023a22e54f6f079576328231b6941
SHA256

cd95229471f28118eb8f39453e9f27315a259bdd04217c94d1bd5325443cb208
SHA512

b39560d777b840ada2605f3ded90b35797c2cc30a364c0f7a618dfd1245dd9679a657d979c08e5256db210ed154dd7825a1886e48215a1951b6a60f98f80b25f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15356731-A34E-11EE-B309-FE29290FA5F9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1720	iexplore.exe
1720	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 3044	1720	iexplore.exe	17
PID 1720 wrote to memory of 3044	1720	iexplore.exe	17
PID 1720 wrote to memory of 3044	1720	iexplore.exe	17
PID 1720 wrote to memory of 3044	1720	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b7e02a59207fcf0b03a07864ca38fe7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
  2⤵
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
5KB

MD5
73f101cb474d2101e5ef76e684e3bace

SHA1
8d7a75e1d3addd0b2b4b394f25c4f59890bde628

SHA256
0dfa3f44ecad5dd8e55961e9e87f8fdc4227ead46ad0f318ca52190419b49013

SHA512
3a69cfda58907fa7044677dfc2ad77d6bc7377ec93b21651e6bf0367de11bffd1a94111f5b17d6fde3dd3c13999753d389f5300d32f25be6f658a5995b67a95a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc7bbd9bdd525215eb590acbb97ebb97

SHA1
b11c5026f0cbe231604dfcf383c3d36d1e312e61

SHA256
ce7ff4f44157d95e81ebcd119c1308cda279b7d6f223b38fbde1ce353c18495c

SHA512
a596c08c6e762f1d1d16a1460c25c9236d89c7abb7520813bc8bd77ed143e985727bc184e8f5b135c101187ccb2ed58c219c081c3f681986f3400aba91a4c05e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c6125010d7c8811b7729675ccb312fa

SHA1
ecb2cf3082ca2c26707c65831526c52334fcfd49

SHA256
4c3b2ca5f85198193060b3cb9b9891eff8fb19960fc0a8a472e164df680c84dd

SHA512
1fb5ab2a47efd9151f30b9c3baf2477b372c37eb9177f91629eb7b5d4b0efb5a9b4fc59502984f6427a7e2b9693c64346136abdfd0eb599aa309025cce75caba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da648d837f9a170d653b6b24f0172865

SHA1
b9db83924c06a707530e67bd0c91a17d0705fd55

SHA256
d75945e625d5a6da3495c28960ef01b01de6c21f5727eee21d56c04607c67bcb

SHA512
736cab8e13781a4f33c10ff7ee9ea10ff7e56d5c93506083f0cdb031171a739e950a31204e2cd54a892a23c1aaa97284abac7b2648c35baf2016f9070e123f92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aee3a132b3cde53125e949e3075e00ae

SHA1
049017bcf92b163ee6f03e40e4fa42acb09e2daa

SHA256
10b0a8c3280d757b0184819d5157f335b079d6f557aaa23866e5d9707ed0efe0

SHA512
10a7b24bdf223be623feac743fe966760c81992736e8e0da2463cdc7d5dee1f6c06dcb461f6008b6fd71b6c97fb584198307144f844ed2602e1157cfd6249c39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc7c784aee0b717d435a09f9ab3cd92b

SHA1
e949dfca8e03fae5771f3ff622d125ccb00285cf

SHA256
2b49414ceb282999985db084f3b802211eee7634aee9f837478f5fb20e9988e5

SHA512
396018cedc12ca698dad9d6ba8deba08d096147ed9d4a1f4a3722b917f1fae4a36e788f366b275eed5bdea472bc9d003ab24607555cdb18ec2e76e7f1407a85c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bfeae2f18e371a20e1ea456418f04e9

SHA1
d51dd59654dc3ecf37f539fb8a52001805e1cb60

SHA256
35d195f4f35c08bef100c1b9ec5a772c8de77b2410c619c5511e385ae6370faf

SHA512
a2bc94a352c04a442545af3e7f3df6015474141e74b75fbf1daea1f882fe58444143dc7f385bd35a35d2d6a0feee8ee444021ef4db7a16587bce24dba3510f81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed36057b6ebd5dab4f89a8243215caf5

SHA1
5931d1756572e0354dd9fd0e13e04e8088aef609

SHA256
458f4d0aa84b7cefb6bcb50a9d1284cc1046a2149bd21e12a6c88e09c0986637

SHA512
91c78bd08413d2bb1e6a17c6cb363838375f47b9d07b300fa54aec5317574b31e80a85a362a176219e8a5151641983080e43dd0f1819bc8bdc3b7945959997ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5915a30799f38df833461c8d7d65c2fe

SHA1
5610c77e626064a83124e8e17b1dbed79ad6c2b7

SHA256
c9f44c8bcb2c21b150602d7e378c8ff61591eb237194560c8719c21228458ec5

SHA512
1bc2246905667023222b9f026e8a5b27aa4d6636f78645aa0942561446257eb9eb98a1d793fe66c48a4df48e94906b7626b26c6839f7056fc519044d676b48a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b7abb5b445a11c9d01a5aa7675016e6

SHA1
e7a4cc1406aee08808ff01ecec5ad4e9b2d0e4b3

SHA256
30b69c3df3ee2beee1cf473e7e8ce8b49bdd72c05e0c76bc7d0fd94c6650c3fd

SHA512
2f4d882d21b34ff551d811188f3bbd44f4e8df54542a9f2d8897230fac603261541d74886ee4de008efea4decef23e7e5884cc4ff6a031d4a6e91f3ac75f2edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52c44afcec1a467ce9b027151caf2863

SHA1
6b1d03521fb9dbc0b784d60290e28e865e921bfd

SHA256
1fe26c3b94be8e24be424299e1161bca7acb65c48509051c7b6f792a71fb6d9a

SHA512
f47bcd33fc0c065d5d57247c874a2ace7fd90fe7c12c2274d18fcf3407c5bdb39880a364fc74af302e2cc162651b1030fc8e0be1c0c0eacc6378ff8fd9d8b111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edec898df969bf6296b086a27bfdfc22

SHA1
8d8cd5cbc7ad8a86ef69d4c9689913294cbdde11

SHA256
93ef3cfc78618c1d53a10a55083849003183657772dda58335a1650c40dfa5de

SHA512
ef6b221e8ea12c521a50b1d462b26994a39793407bb702654f0e7046fe3dcc847f41a1a33352eac6c65a24b26b7959303a7d4857a4286038fc864c17a0128020

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99229f17d9df18def81f01820a018eb4

SHA1
341996ccc6eaa87b6d7827d167d9729e68a8ea96

SHA256
3865eaf6808b8fb4cf4e13db1944b027516e0f4929c553d52652dd3ea4faca15

SHA512
c1c9ec9af332f0806a5ca41eff3b996cb6c25cba253d476bfb1f63b244db4681f91cde9a1f5bf49fe9a9299b22c1c50392b73eebb9823a2185d4da4a7e2c2645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c61c9f33bd48992f487024e7c82b459b

SHA1
b880ee8895dc73b888f2c37de99707c78a583285

SHA256
d9d03ff304c160fc2d4a028f750bceaa657494c310f50f84ebd972bfb8c3c947

SHA512
0b29539c53188e8cb24f2c48cc36c0aeb7eb0bcaf4dc3f2cc423c9256af3e445221bf714063640236c2500341c0ca53cca2cbae392106a588b72b349e8813603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2958.tmp

Filesize
34KB

MD5
ebb1e58814077bcfad60c1babe475236

SHA1
d35fee904681e97dd3ebee340b96af50004f8124

SHA256
03cce21fa6e031519787e3fa6cee5492b42a613ed94597c4d0fa11382d7c3d95

SHA512
b0992388e1c48dc5c11a2d069a9437db1628c4a8a956128eb2eac5fa2f6e4c8460a22588d9b573fe08b761e675780a49cdf05ec9940999ef9fbaded2a6393729

Download Submit