e08607668b39ec658ebe670e80dbdd48bb0e04d41b183ca95d761774f9248b27

Analysis

max time kernel
0s
max time network
140s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12b45725d945d3e320b35ae2bd204ebb.html
Size

57KB
MD5

12b45725d945d3e320b35ae2bd204ebb
SHA1

e027100f19b5f24337391485de20c2330f6c4e8f
SHA256

e08607668b39ec658ebe670e80dbdd48bb0e04d41b183ca95d761774f9248b27
SHA512

2874bf405e166ae0564362f402dd43adf14a32bdb3cf7b48716b36240dc8b0e7d41287e5cb59d109b4d0e3d6161a34c192a308196beebb515bcbe6b03e285cc5
SSDEEP

1536:ijEQvK8OPHdyA3o2vgyHJv0owbd6zKD6CDK2RVroZVwpDK2RVy:ijnOPHdyp2vgyHJutDK2RVroZVwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12D5BA21-A372-11EE-87B3-6E1D43634CD3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1752	iexplore.exe
1752	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 3008	1752	iexplore.exe	17
PID 1752 wrote to memory of 3008	1752	iexplore.exe	17
PID 1752 wrote to memory of 3008	1752	iexplore.exe	17
PID 1752 wrote to memory of 3008	1752	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12b45725d945d3e320b35ae2bd204ebb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64E544B76338020D780BCC40A2A2B366

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BED28547CD88D26CC5D20663CC60D70F

Filesize
727B

MD5
112429a083f049da53aedeed36789a08

SHA1
69fb5878bac60171a8615b84480d69859c33a902

SHA256
4d5536b0d717352e99888f5b2331315ca41e8040c992cbc02f1ae9a576117e92

SHA512
f25c12e32ce7ee6914c3282544dd5587618e31bd30fcff790aaa4d9afb9e1e761643e40ec5b09873962d30c64da8f51a99d8096f5755afcd3a7f33c48abb425f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d83450242ae9d19f53d81e4e583fc1f3

SHA1
0915a69f77f4157e9555736671d17f0177394414

SHA256
6186949c530a2ccb0242a36e2691e1600856671f0d5cc9c1a0de27c752304caf

SHA512
a4ce2f446cf40250881b8841b41a84bfa635bdf7dc2811913a50d0d6a99ff45481544d62f9b2b8f88973d69b74e897bf91ef0c8d49de55f71c8766e8c3ee7d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64E544B76338020D780BCC40A2A2B366

Filesize
414B

MD5
a0ecf1413d785805a646df143269d767

SHA1
217a7819f53e738980f03bf5cd6a221ad5fdf61f

SHA256
59631d87950ace77f4a915aafd8e7c08954cfcfd2ace4b7dab36e7cd3d3e2fc5

SHA512
290f0af5a191471b59eb81e5de56cf12fd2ba22aaa6cfa048ce42c3d6b30685603096caeafd1b2b372596ba37a8ea38a7c5a530c7a3cd044a71edf43151db0b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
295c980ef0d2e34942cadafa76b885b3

SHA1
941c43e6e579286bba4dd4cb3e0acb4dd58c689b

SHA256
61209cd701f8141eb900b13afd9c6fb2a3d87f6fc9873dd04d497c360d2b880c

SHA512
13476c01ee6d25f2191885d93842be3759aac8182fa0541ecd5e921b27372b812aadbcf12f33ab751f416a9d721e2906c7bd131d036edf33aab814329a248d66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8269baed2b53a78485ad5cd9c30edcee

SHA1
b3cc061daca582eabe5ee2c6b619a432fe4ce965

SHA256
d91ce52f5b008269be0c171e69aad4920410d179a75d3fa29ca38c3dd757e19f

SHA512
76428d077db6f08c860128bec1dbe5ffb21050df09b6f83efe44f1de94305d6d16b141b08b3195abaac05d07688eadfae44ede3c3e5af2db22ad89a5cc98892f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07c94cfac84bdc7106abbc8f02b985c3

SHA1
a13bfc0a21d1460b2ff7a6c9cdc5b703b7f750fd

SHA256
fe13869da3117cb4d6a5652373e555b94150236c80335daf2ceeee5b7681ca63

SHA512
51d998f2ab58daf1d09ecad5e37e54868a7c2b46922d77e66d00b4e593efe1baabe6e6e223dac95586d2b346c0f7ea5fae4a9b51a892128a786fb798a406cb2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
781785045d1a68c7e8aad43d8510f1aa

SHA1
cb82c1d54f7f4dedbe855aee52d5e933d2a73b4a

SHA256
4ee3e2251db4e328c1bc0906cf7f3fcfa3f8f5b0032c798067cf23b08034b66c

SHA512
3dc47a40ade56e0b28fed81142d1b570fe7d8e39f51d96b7fd2a72bb1932cc79b59a1c923c83c86f11a69cba81c9bcf60410c054f90903893bdfd718c7b57ea3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3f0cb71e6d481f507fd349c7d3b2211

SHA1
d2407b3c0318f686a746be491f32760388888ec4

SHA256
fc1622ee3fda5db25bab493e49d57c7f9cde540c72148166ea8224042f0fb033

SHA512
b21117732bc4770319ef6b1da01cedd59e0db09de01b097988f43129cc4b9c305c2fc89c750606135f4f961d0418a3aba2ac469a06a4ab2ad95c41ca086aebc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dba70b7f61767aa91027ef980a9b927

SHA1
a90560a6fb0e9fcd88609cf10c84348222915803

SHA256
8c4ef9967b6ec86769b283c953ba3846bf9e736ffad32a8a75c697b3874e18a8

SHA512
e59946669822468424833461408847e9b500b132ebf27e0a56ecb200947b52f1bd13088730b65410daba1b18323677db0f044e2c4ecd9469c6d8b2beb62e8790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
557d4abe282ec1dde8a750dc526e7fe3

SHA1
81885c13c1d997f2e2cc071625959ec989b17c08

SHA256
99ecc279185f07fc4ae160d8acce16d506f9e00d87cead8824208078b604204d

SHA512
597f151714ae6623f4888ddf9439c0f68428f1f86e0d4573967c93385e9b12f014aaf90f501e05d56889928dbc15a8943f3e0be1bbb7a0e1bf24644d2e0b4d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
651d305baafba54acd770fd87fb81bc2

SHA1
0c132ee0249d5acf41d135e21c4a1c2f2c2eebfb

SHA256
fdee132595229c1021fda0f40c938d8ca2115ec3c47a6cee5bcb30c51e7f97f3

SHA512
24133ec441cced9f41e69f6169c854af6a7b721ad2d166fa0af1481d5c713e8530543bf2e4f852e620dd996d41360702bcd1a7ef7a07e29b9c94a0a7a2b652e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8106e77be168d71bc5be4cbd7202cbbc

SHA1
e312ecfa9d53db02c2a18084bffeb6fa36a72a2a

SHA256
079f2676c932cbd8c61b55401625cf909e74ff0185eb0b6d09a77bf9cb58fcf3

SHA512
5222c522b611827d5827555961cd801bb63474e2adefc9f5ee708f2bfdc63ccc6d234ed5102f5047122591c0ce8a5d2abaea40ff1b8901c383915433f1b92160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5d8efd855c4a9a61e23392aa3521c1c

SHA1
f411bf203a9eb37d8b009bbb95ce9bc11fc89c6b

SHA256
abf6c649dc00ce5b858882ae6c6a083fe782015ac4f8814e56f159076901659b

SHA512
a3b0744f5ceef37c7db72a2ac2a9c78b34fa3efdea1ba57e198c42aef441869746bc259c7db0259db19ee7daaf1b6e557377f66c2e4e85f5453fe06921feca26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
359a1a02211e433c420668b650aa6b2c

SHA1
ac76c2df1fe118b4446b0b556480ece370bcc3bf

SHA256
c712efcb406612a478818e127e418f8a0732d405ba4bd3bd3be982597e2f783f

SHA512
7e38eb6043904d2e93e7d23bdc864068f3d9abfb32931af6023dc82246b27dab4f65be7bd2ec79e04f81e056608937181bfb527cc306aaf5a4f6bc40cff73f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6433eb920024e7e58b7814b86bee3925

SHA1
74888273faa44a595ff875ba2d2f38d8a6afde57

SHA256
3e3809a4b1da972ec992fe1fed50e7322fdb3e41613e5530e61309cf24c6a671

SHA512
d92d4c468669c6821cee442e931f1810d1567cf92563fdd9dbd867dcf0824bb771c77e27b4caa35373e80f46da77fc75d91e7465957cba1f125d2ae8af95c73f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0e79b93d893f94dc17dbd93b63e6f66

SHA1
79a0f762e5e963db6e32bde88cd3b88bcf0151af

SHA256
f9ca572db2bc35acaef42b0925b067d2da239cb68353c8dc600e5e4154e12637

SHA512
3fc042a052e299ebc2085b39fd8262bd311e14c7c559eaae1272a996946e935e26f6ee6b59244b55cf87ea982fd1aa2a5109fc1d9a9f0d88467e1e238005aac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
480beea80a83f89e78732437f6620d18

SHA1
af11710e6ced02d0e8792dc7eea1ab9166af20d7

SHA256
791f00efd1e3c6e393a3819ea676a2cf9cc7fa7bf5f4710596e31407fd0b0749

SHA512
7e00d847370a5c404255b6ac5f836101c4304247bb87a82013e682e11b96faa16f20d832aacbec76a2c4a8c713279fcd716d1afa16df43d308bfb874970f9a4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb47e76e4fa8dc9eb504f479c73ba268

SHA1
0bcf6c7a5235b532a2391eccb8444c812b66df70

SHA256
0b90bbb879b41a60a4b6cd754b492fb17035cfe7a08f728cc44ed0c4148d2425

SHA512
5e93f043cbb2ac76ab4be2be63b1ea6c2c46e5bb437d3edf55e5a3c96dac624ede015d6494b870a432beca313b1c82ff70a7c283ebf670938afb0605761476ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a66d17c312c98c966706f2dc9ce6a0b0

SHA1
d60f11a5ca09485f5d8240bde54d46853640f1c5

SHA256
b8a55dd3e996ab45974436f7d0410ef6a7e0924209903fb9455c6907650cff60

SHA512
6fbae5af3c0df3c38dc1391b90f6c3f3330d3bacdf6a25e36f0c6e8120d13c42041f0d608c11dd9c2f452051b57c9e11fc3257e47e59febec0382d7f0190326e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\PAJU2GSA\www.dailymotion[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\PAJU2GSA\www.dailymotion[1].xml

Filesize
166B

MD5
c289456f036089849111550cb5671676

SHA1
c7b557a74f18c22dce0427498379179059cbc7fd

SHA256
339bfd41177809a4a0404f79361ee65494bfff2daf93b1cd181ee58a76c79fd2

SHA512
6191a9052422caa172a2d7bf41a6a98957cf12f98f8897b570d6b1550213b22053a8bd47667c891fb5abfe38548d10cbb29fc7afa9f7fb6d5636121836568542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DC3.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit