e9a2d059e1c122e8d18a1363a375738875661e28c67135851b27006f2c1b5c67

Analysis

max time kernel
118s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12ab43eaf0d86fefa1de8f505549d3e1.html
Size

7KB
MD5

12ab43eaf0d86fefa1de8f505549d3e1
SHA1

5f82a4ff802e4e387cee2dcbefb694905cc6a77f
SHA256

e9a2d059e1c122e8d18a1363a375738875661e28c67135851b27006f2c1b5c67
SHA512

4f13ca5ca8723cf54bbb3214dba9a9725353b5a9a6165e7eff339fde4008d2e47d934e411ecc39ed65afd9c514b21e9dea724300e58924596a3ee4566d1c7585
SSDEEP

96:uzVs+ux7jLtLLY1k9o84d12ef7CSTUpzfiZcEZ7ru7f:csz7jLtAYS/9b76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5778FB01-A4E0-11EE-A552-CEEF1DCBEAFA} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000762c310eaaed6c121822d8d790ab4bbdd31b5c2b685598ea47027594d13d668e000000000e8000000002000020000000f9b636aef456b756e309349f4fbd9b34855cad1f1351d08784bae1d4deb60f4a200000002d59bed9fc3a3c65592ef0d1ad9fe5a0b2ff1805955c2135e0bc3645e527501c400000001e29a159f821c5177e47c80fd6a44ee969c76722d2657cb1f532f903d8dd0ba6602df1d35fc64fd74266439602150f70b1565691f532c7bec893ce8c8b0a7bcb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d08ecf2eed38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409861269"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000dfd0a9c848931d42d991b009955298f42ff6b90c844ff26f131b3c028fffedde000000000e8000000002000020000000675a533ae6507f0a1899aacb477a001cb8abfd1da0013f66cfadae98d3f343a2900000008f46a9289b70953d321479e52a574920cbfd3fd0068d2ae2981e0ddbca39fccf53b7c0a486707722bba12b9f1f6ac4cf106e9bde56f549f955387c0808fd7b22f494c520bde1f5cd51088a71166a5f488952740ce5bbc51a52a9033c408e7f05bae54b01f08347a767fb96537fc38a395d2c6863ca65afdedde310fd4843e213e79dd37196a44e4d56fcadb27bff73af400000004dc3156b0e604ec5c0db74594a11f50aa4adce5a02d83796763e766597a298ff3f0e3b64ca72b05639d5dd0d905b59fc385d102f1653ee6a7f2853e4c8c86340	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2904	1948	iexplore.exe	28
PID 1948 wrote to memory of 2904	1948	iexplore.exe	28
PID 1948 wrote to memory of 2904	1948	iexplore.exe	28
PID 1948 wrote to memory of 2904	1948	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12ab43eaf0d86fefa1de8f505549d3e1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7226ccbce7d8029a27171e66b7ab9d2a

SHA1
0d9f3facf68b8dfe98587000d8ae203676bbfba4

SHA256
e5287d17cc629f00de5e858fa7feb4f16338e5dbdd7713585286c1eb18262eb2

SHA512
e6952f12192e9d1a82101866f106f3d800ca85bb48e8dd2c51bffccbaceef136ff925e5fece4416aa41cfee72f3d32af4f7fc535daffa4b240991df4e2b9b750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7cb408082dc2fea83ab2f3a7e04096f

SHA1
9767d16d0d201d3bba71e615e2c3345b090a5239

SHA256
83e10f45217966e0cfa98462e3cf68e5f6bb14ce9d45d9b2ab3353153f6f5855

SHA512
ec0d194561d7f79ac58dc0b63d7b461a47472301df842d507d0914e39cc70c49b19ffa9f0231b6100992e42e2d936e09eec09535238ceeac23ff05ba47b00744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45f66b0072e2cca30bd30064785a83a7

SHA1
5bc2591716cfbf48ebf598cbc51afb722c50d12f

SHA256
ee6374899e431f654a8ec7220d1daeeb7e965472869c18a3670eb0704555136a

SHA512
2e192df7e8feb72197bb4e6d60bd2aeae79184740c3668c21291f4e591b3c6a2fe819a04ef0c7806cf232541cd27804c467c0f9cf9f14bc47dba260eb35a56a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b515fdf244f06638cd620886683d624a

SHA1
fee22b269398a5bcaf4d2cccb1ed43d74683bc5f

SHA256
87caed7f1fa4622ae86a127bdafc06a641ae46857833364e4b0fc0eea7fc9ad8

SHA512
af370bea337df4ac3f4b2794e470073d984eedf192255b1971c176e23b522a5216df3ae9ff49e5eb88e895ab1da7819ec6255af0b793a6dee15d3846d1156601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdcc1a77b70d4d157ae7568f6e439ff0

SHA1
c8a253bc6bf5e2ad786fbd9645e2ee046ebda9a5

SHA256
ec0a55c2638abc11d622dff56640bd31bdd71fec2f36fe90526bec4d1e4e770e

SHA512
9d9e5e84ec9914b4ca651cee8405ced4ce22673159e0a4e5db7644f5fe4f35b87656900661d5703ce9d66a0aca81af559e14d80dab9643dfe537d6fd1c2db892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04691b8ebf12d9357f635d4126671493

SHA1
523167266374d518e278da7fdbecb4f12c6759d4

SHA256
f521ced0108e839c1d34a52e44f7807d0db797c1202a46ec89d9a034f52d00ab

SHA512
d8c38aff3f9fda321363200e1614eb00a3ccb047f1c14b5b03cd345d9afdebf20013a0f7e934acf0500e67b1fea6c98546ad32a8cfd521a4c67ee8175a6eaf07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d7dd81efb25fd10fbd0ebee363321ec

SHA1
cffe3445d26eda1e6256c7468c5b30add6166c6f

SHA256
032a2218b9380a07906eb925bc3a6ff422d276273168a2ad3828d76be6412151

SHA512
3f2b56569ceef058346c1549a1f373f84f9f37e2ed28bc380cf92ba7d7355e76100940e550ee79b5638e055c5b14dd0906950c8626830bfb9b450a34ffd16b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97571f21fbeb5061e8a3b4f10c5ddaff

SHA1
3e556059f0bd0d2b38f47b679863bdb812720fe8

SHA256
321cce5201d8e00daabc6af4c3ceaa91253faeabefe5d284884204632974e157

SHA512
1c0cc4a48e608457f237e23219158ec12622c5a985a2954f2b7b5a469c0b49974fe49f4c2c1bfea90f61a3220c3d176359a835bc4131b2223ff21a59f5c5c0b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c012024955433924bc03aa6128890de9

SHA1
2a5ba70fcf9f1715f7b784cc026684cbc7e67cd2

SHA256
4c692fcbb1702adaec5b73a5e501f9a2adf9c16b22908e8f2c873814a352362c

SHA512
45ab0ba6e6742aff1fd119b68cbeb282961e0b40ac2fdc71dce962135e66a7b1116917c3838374a3b18c76c799759ddc640a784161429f9113ea6681d2735d19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71a9646c2efd28ac0bb2782cc54ae00

SHA1
09fe573361eefe547bef6803c7e4c647d7924c73

SHA256
5fabf00b4e4757eb76d7f9916cbd11bf70c88112eecdf86cbee9b371df0f8b3a

SHA512
17619affb35f9a4bdf61665a3b0f20c8abf002d0aa02b2689b090caa1d83f7a54900afe432f5e75629b89e96d39c9ad29f0b2292912e6a0b3ffd5e4f95433305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db7e8cc99a93a591adf63b24a081ed55

SHA1
c806da57fc6041f77e384b7d4993d7807114c650

SHA256
6155a3c5e446a19e6ac366eb13d4a4604349fa6484db2a02e849ab0c960b5e4d

SHA512
6057a0556b6c8902c032b936e979fe14e0b3d1c22d9fd7f172ab5d6cd353e8ddb5bf29f5210c9415977237dda2202f7ef4aebd60a74f37012a04a9d8aeab9a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dabd32c5aa8575c9feddd33755ef9eca

SHA1
ea3c60c291613d7ec843253b5af7a5387832f04a

SHA256
72f4b7eec4e8321567e583577a15b12663add77bd0d802b93eb1febac31de206

SHA512
293b4095f98b3c4cd4bc86c1392424de64fe11b9fd802bf32b86d9acdc0c0270e230960c97dd76f8303394d8bd2deb2976c08816a7772e618e19bb4205bef4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d079c816a66ec735501e2aee5377019

SHA1
eed543a0cd868378f9cfa0b998b2e2e1079a8652

SHA256
cd34c4fc5c8255a138a47a49a1269622aca15367735f1a4ac73748e45c7c638e

SHA512
40748a0b5ef6cd34d4cd4e947039efd0ea07272f5055ab7e1000473697db143f2c639ef6dc1a324f22033fef149d5576231c750285d3a70c295f4693aa042d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06318c313790fa06f4ecd3b631b0eb22

SHA1
543342c15f29dd7344ab0ba9d7c1f3abd622bc0c

SHA256
67ec4bbb6fa2b6e7e2c1aca55b6051860e1170b76b2c0aea0286b80a2100c0f6

SHA512
320643c70c99faf094d29ef106bea9af7bbaf8d0e1b9134dbbb597935f7aa3b1c6794d756e7ef48cd267ed0af740fbc9d0c7c355c21ce674686d8178dc2a1feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
278d0e326acb6be88f8b0f5cf9d8befb

SHA1
ddf7ec1c0267f87c8bc6e5ee44bbb8791cdf20f4

SHA256
486b848552fc66561b08aa7c89441eed1a4b1434c1c97e2836117a3ae82dc9f5

SHA512
d655a774e57ae3e300b9d7a5baf82767f7e920d20c3c237159bf650dd1c2a5ce61d31badb456ede3e8206b53daf5ac900d207558b847e09e7499ac5be59b2766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86f598f588e8696dd86230f18698147c

SHA1
3e3ba7aee32f6efafb020484da0492abebc8d2a4

SHA256
5a2a6d0660a63364597443ce8bcffc3f88151c8d9f74fd6f8cb90ef05f72d282

SHA512
b40d8aaeb3a6fe0f028e04501cc29bf66f0d2f664d072fd1a470017db189d82cf181cc2898af6372704738763ab40a22960608bcbf8b62c4a0f799ae0cdb26cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5795ce0b050bdfed6837e633154c47d9

SHA1
fdd3c7381fe125a2265d59f2d31f95bb43632eb8

SHA256
4f1ec640adc3edb9c6d22ab3a054e7861f50e14a182e409b6500ccacc6730126

SHA512
a6dddeeaf7b142f6c9581aa7d0ffff397d7407f85f1eb9c72bce6081ff5199daf824381595ad7c4e8797577249c165101cdf1ffb9dd2eefd200dd0d895cc92fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9EC2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA01C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit