05f78cf0b5f5412e15284270bde34a63897216fada369ed857857aec09b597bf

Analysis

max time kernel
0s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ac3186e0c34061ff0f36dea57aecc58.html
Size

2KB
MD5

0ac3186e0c34061ff0f36dea57aecc58
SHA1

3b8ce9d4ec510a7c2ecd84dbc8c84d33ff8dd707
SHA256

05f78cf0b5f5412e15284270bde34a63897216fada369ed857857aec09b597bf
SHA512

5e42d58b12f42ebc5d63002cc01b302d6c6e8da5c238cde63c47a6b62be05d23a0872189cb84ac9f662db2f1c175a5f950bf9dd407dd9b33de0a0e80f8e538a7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{343D4861-A492-11EE-A586-F2B23B8A8DD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2296	iexplore.exe
2296	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2292	2296	iexplore.exe	17
PID 2296 wrote to memory of 2292	2296	iexplore.exe	17
PID 2296 wrote to memory of 2292	2296	iexplore.exe	17
PID 2296 wrote to memory of 2292	2296	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ac3186e0c34061ff0f36dea57aecc58.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
  2⤵
  PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21577b4377256d7a7d194ded056aa17d

SHA1
a8e7ebc8035fa98f59bdc41832ab93d9ae5f4518

SHA256
5a60391bd55c172c1ce3d98af8ab00a1e08274a18207f0e2fae8c88bad37dec0

SHA512
ce45a15bfd7cab50b700d99c41bca3c8e76fb448f9701a89dd9d35049c5a2e03e7e18b745a77baa5b80f793389c212f0d0c1b493be3c5847194c13d21f0115de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8676349b32c609358d48ba7d23e26e4

SHA1
a9e3c3c4478ef3edea9c0e06a666a797c93066b2

SHA256
50b6477862bad8f84177dca6b4e9732114f2d15ef002895e854f3f67e0e3d8a7

SHA512
1a4b975647b6bd5270b519be48d1df549640b1499c6c1cf5e5e8d56a5aaea07bb1c5ee68f78266f27e7fa986a6b9db070fba2bae405b5a2d532fa3a227028feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47ad3095763d24d17c9e772ab38f793a

SHA1
429f8b68b98e7995e143e5a92d30fcfd0eb037c7

SHA256
efb1d69f32812caf12fd7046440b7fda102e2a381db9830f2b39c46b44d26b16

SHA512
81099eacdd1d480dc1d6f6f1977bf563fbfb7d561c8065a7f284e5d3093476724b1e9cae0b65572e2bb416604749c5f89b9d6f8b3c11c02eedbc9a6453715afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2738858719af095f7bb7d700f0652d42

SHA1
8507a3439b2f0d72064a1eeb44b8c8bb4ee99dfa

SHA256
7eefe950a8f9f2cfe7cfca05ba48ef3b25575acda39418eaf4d994356209480b

SHA512
fef86c28a6606af60f6e938396452e2d0d51a9860310dec8b8f79585468017212127ae48acc893b5423b5c827348b1d6d748576992dbf98994fcb32c6d9c9132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f409835f8c0a5744bdd2b417047cf47

SHA1
244c7d9036d5d2bf8bc291ad2dacc1bb5684c8f7

SHA256
54f6126bc6adc8e89e3281c97b6dfbef51572046bb495aabeb979086a143b8c3

SHA512
fd9c3ec84f3f4a1c6ebbea3374ea623969ae819ffed6c7cbf1dbb69b15c84b8261334115a2049e85c179f6669dab26946f3941166d59a97508cee25a8c65aa9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10abd87c65040867ea30a601224162e4

SHA1
e3168d3c87d08ff7090fcbdcc00fe228e9d64b40

SHA256
99afbac09f04438484e685cb0c84ed0af5ff61f3020a59a27e3c1c51119b822a

SHA512
b6fed76e8d0fc0e3f290efc3478a56bdd7bdeaa64a5286fea399da51fbfa31ec07c6b51a019520797ff04d38078a4185a9dbcbda9b39f090ebecd95d703504d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5003da8ac62f4996ef87e8dbe4fe6375

SHA1
1fd4b5c77345a6c93e4fd6c8a09f9447d3da0ae7

SHA256
3d9a4a12c28134477183ed26aca62aa615f45e191e50a3fb508b6ee8aa38e8e7

SHA512
d3545003d16e47ea5a22ec11bdcbf94aebb2f79fbb290a69205c805f5b5afd0080bdce377de79e9b86d1af3194c30ea8cce5379ead7c14bf3b7ec0c88434af57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38774a957ebed65090d06d4cd4b888fd

SHA1
806b8de4bfeb35fc43dd5cb41801155d85f12aa2

SHA256
4ae2e2e5ca479867849bc9f112ca10370a5b631a759a1a9ca84d4e691592b2b0

SHA512
ea852870d366e3f21c94da744133e34d6ed84c0e7a16846d4b28569d8240ffaa7c64ff00e572db131d0977feef1ffba7032a7f8defd8f9ab52ff62bb7076c1ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f68bdb243a699a30e932d78670902ef1

SHA1
51f89df3257f25647525d98e9dc44dc3392ef4f3

SHA256
609212ca245989ad21de026a8470f04e081068b419bd945e06c3239b21e81d65

SHA512
c8183084e1f7e5cf034075dd71cea2eaa5242cff280a5e0f0e0cf3daa9f9f5ed3b49476b46beb3049067e87ab550b251d6cacca309ee3fd5434cc914b6ffc13f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acbbabdd32cf337ee0df6d799e4d55a6

SHA1
3f8191465492786ff9cb6ba267f7b408ea356e65

SHA256
d5153e53cf34bb0fa95aefd8809ac94933c95b3f3fe3fbf8c73d2f10de528748

SHA512
185ff8f383ca5f55dc77d88cd9b8fb4d66b96738d85f7f97c2e10701043268cd9e8142d529d5371943bad723eacbe7c908a28daf213ca7afd03430b3e35c201e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf16c80d56da266a099f0318775388f2

SHA1
ce48a0ccf2da7673a4d5a76879a126c07ddacab7

SHA256
de91228f4a3f7c4b6b7bed646f7c8674d5a6f03b65c0599de0ce352e44e84731

SHA512
fc3d290d9c3deb54579a60ff635431950d1bd72ca57f738c75aaf492fda7d7a7b0619a24d336e3f1e62db1f7aa6481ef788ffbd7aa25c7806e1dfc65e89d79a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab56E7.tmp

Filesize
40KB

MD5
ab4f48892fd4b80eee5a96912e57fd2b

SHA1
40abaea93640642846c0c3fc4348cee9c4131f1c

SHA256
e5dc46dd0fe9fdc8af7ce207df8da4b1541c39ada69abe469d73bf6665ef962d

SHA512
8242f28091689b77110700a7e79c5be8312979f6e59a6f2c312cc0148393f3b4486cc8fd83353c00ee1d9d45c02ec261062d33cad4f45fbc9eec9c58c3b3016f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5779.tmp

Filesize
43KB

MD5
d4b6ef217e9c0a0b2b02c4042cb5934d

SHA1
8ce0c6b9b73a813e1863b7a0af8c373c45b6639e

SHA256
709225137fb28cfcb94a848f7f170fce939b11055d269ac108ad53f705af4cd5

SHA512
fb18b917f24addefe2f0c9bb95cfeaf6d42767d7c161b6b10537f08da7f9f07b42de7ad5892eda63f1a2636dbb05c3c55b2c2ce1e51880a7c7cc1786b0d777ae

Download Submit