e9ed0379398b77b7774b1536b237808184cea9a0fc8a5c9d3f9380a7b67d12b5

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1638c123bfb0f3cf7bcc3ced7a9bdda1.html
Size

25KB
MD5

1638c123bfb0f3cf7bcc3ced7a9bdda1
SHA1

e2bf6c80a910e868668133743476a60fdc473d87
SHA256

e9ed0379398b77b7774b1536b237808184cea9a0fc8a5c9d3f9380a7b67d12b5
SHA512

109ee1545019eda12462902b40e8adb196094cf892d934fd396abaddd2addd1e998b36f6880f7ab1ec3f6bb178c0bdd1e492d363aeae6f3625d53bcb138f86b9
SSDEEP

192:3ZDqEuCo60OBnod1oQvV+p3PCTjfuKNiVZ2xJq8HOya1yUVV7lvbFSn5Kcyc5jJr:pOpns6Zwaw3wmg/5/5N

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1E2B661-A382-11EE-9D5A-6A53A263E8F2} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09e6dab8f37da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000004c864a79cf2d3fc90f5f75530592756b10ec8170557a2f74aa941827a3e24cf7000000000e8000000002000020000000a97600329caa12d75c753f14ac38e5a1db375d46993b71cf6f59cc1fa7dc9d84900000007c59acc9d71e3625361c400cc7a3d94dcd97c0c1ce520ffb1de463eed32428ead01fc5f1cbf402b7cec3c6784cefbe42968aec09b854b6c6b31cb3ed7aeb61ccec27b0173c1e417fa69c3666ec91dd0d31ff37cc90292bc86d56dc9a7d782d03bdc594a5851dd2770a50cf929b662def737a143b8f5ae7403129ea29b23ddb30c682fffd3244cca0e67be7c9b71f33ec40000000043491e18289193c6f371a46461222c77ef25a47c1fe7845fdcce822e1d1d6b08e632d58f5d2284e14f67e0e8a2dc84ee6e75652a21b3f2d302b910d704678a9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000007fa02453a948611e43bac51da43bb9e2360682065eda4cb990935aa658251a12000000000e80000000020000200000009622041a2f9835544423cfc35bde69deeda7a5a16122bde18b714497b28527c220000000f848704fe55424ac6e4902fe66000646c37c5c3ae8a8bd28151383f57220ea4540000000876b1d029cc922bff83d7ca0fa41a839ada54fed963d7f2b9ad480826b0520bebec444961c5de5c80f66c30f502c6c76261efcdab49978d1d72b2ec821cb7752	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409711147"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1964	iexplore.exe
1964	iexplore.exe
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1984	1964	iexplore.exe	28
PID 1964 wrote to memory of 1984	1964	iexplore.exe	28
PID 1964 wrote to memory of 1984	1964	iexplore.exe	28
PID 1964 wrote to memory of 1984	1964	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1638c123bfb0f3cf7bcc3ced7a9bdda1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07b77c959302af4208fd5e2effeec318

SHA1
70f9ed1cb1af9a6a375af00fb296aa5e2cdbaab3

SHA256
92a5fb3fe9da19515dabe57c6df5d93bd75b0a18300099313224a565e05c2087

SHA512
6331979bef3be9e042f2e0189250415b1497c7870db03ea84e77617b952c3b7e2baddf27ab541df70fce1b042aebe186f236d520cfc288b555b3f1ed15e810d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd20bf31f597fb1371b700dcdaa98e6b

SHA1
ff09c667ac8510dca55a714eb1e697c4821dd454

SHA256
f42faf9ae345aa147bb9565f5f1c30a52458b363920f40c1d789edf211f081e6

SHA512
f8188071c55ee133acb3568c7c758ab1b5119c2219891177d2290642bc536ff12d2eb5647e4902efda6115d8c8d4a4659d4fca63accb0f73aa38b80896e1ac23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c841dbe81bbea7635ab8f9a6f13a9692

SHA1
0d24a8d0b62bd4480d40c4d710696c01545e4923

SHA256
4b71dc0efcd272ceedc9bb1b7ada76b74d8982351b0dce4b905ae8593b5898d6

SHA512
d1d83161edab536c91a19f7d551e5f670b7d0b17df3872fff26a55e0015fdff66de6591e5eaf84e92d13534bccef0a5864fd8803c0065d3825b7664c08ab00bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22a4b0e9de23b1d6c04edbdaebcda41d

SHA1
2e8c4e4577a9f800c017b959ef6fde35fcde8189

SHA256
1975ed788fbcd07d7405abb1e8f9d1aea51c145180853d7a409ba6e9c2cc6e82

SHA512
82260dae9c3f043b9e74637501345ac12d1d1b2ece48cb599494520d8c2f36666ffbcd93aa0d2b63824de234bd8184c3ce4919cb553c2b94bf854876b1ed791c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9409a1798ab9cbdc277791ccadb2226b

SHA1
0e166aaadef674977a432e17cea7ab74670c1a46

SHA256
6a046ba1b3ad888f25ccdc270f18fbd5debec16820049643b7ccb086aa4ce2a0

SHA512
b5611cab132ff95d8f35f75cbab3efb080f8e61f6e9da85559f73d3fec7923f3b108761898319f191eee8527b0ce5a3692b64ff02798f39ece638d3fae2cad3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f293b4cb4ea5fc2fac7b9dbdb9ce2e0

SHA1
3aa095990dadfc277cbd56e1ca6674f190789a29

SHA256
251214cc57af0468072d1c7e2dd78c16a512153c29683f4d89d9bd021b28f726

SHA512
a08039274253d74014e89596ec5a3c1921b5a02d04bebf6dd1a1be7f8793a6462e4144c955bba103ab4f9b74c2f26fc407e03ee01d1e8432e9905f6397db3a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c92f3a9b170574b5937d711308168e5

SHA1
8bf5a22c39116a650d65bad93f12b1cfa2b4dfcf

SHA256
c51f7b909acb6378d6a0cfd135e5af2e5da2412b06102fd9115d632556c49216

SHA512
1dc3765719207774e0adb8b5fad2d03224ff85b0f39efa742dff2affda17b096a9a0e62969679c2632f42b50b2a58e82cdc7e9b80d94f917e82d55bda818e9a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfaee9b2f172a72e9f61fed79398cbc7

SHA1
56c050e57b946a199d93275d707f83f40a43ec90

SHA256
4b093593a2addd8769cc1ad2e66fa59ef2cb02d72ff623c84a402ec8034147ef

SHA512
ad23a352372d9b7ff8682a34c3850e1046feb0fba20b921a3e54ce47d237d5ab08a65f7b3ae3dafa9d936aeac84d269b6fd2cb45bd0b30b503069d9825dbab84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97a3b6ef9c5ab9f910bc05f4356733ff

SHA1
5552de39f3705f644da0a0efc40f23356efa867c

SHA256
1aed47f231b11ac8d31314a10c0db43bd1d8fa8e114ba724e9a72ee76dabe0b0

SHA512
04190a42c273ac091daa2440ed9ca824a0ffbc3b0c0d7c0647d7dbff616d9b13fa39df6c61eb4b30eead01efbff8426c02a962273b4c55f74acf537b391c83e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e082312ba45adde6444b9d8ba4df366c

SHA1
74111db92ce364690886d2a08f015df5543c2224

SHA256
cab897622a0f2a11a2840e3db52edbb57a73904bcbe8bcfacdb3a1a1a09e3422

SHA512
ca64e73655bde6d049a560a81fe27bc0955e5fd1ec7964347c000dcd2ad37da552519a77a38019e00aec4b832ad7f264abddaf351d4af5bc20160913deaf7f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87efc823818b9fff2fb300bb6cebcd24

SHA1
9d1c301fa2ef455f47c3b71ef58edb6237b4c4bb

SHA256
f6172868c6f538e489d1ad1a8ce85374c6b4d444406dab020eb5cf51da88b5e1

SHA512
39154f53b6a543af6bdf2993b023cc23a73940bb55fe1d0b934a9b8aab40a3bfd2efe4506586f3c410b60c1c295d1e4553105a5eef34b09fe9e15a338a883782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
468ef7b129a1bbb7eb08c95f4ef79e2a

SHA1
49624a09fb9e1249ae6d1b4cfa672f5e99abe5e1

SHA256
da439b250c8e26494447331251c372e2fbd9861811998918e2761865cf716e50

SHA512
28aad261ea14840b650dbe963282326a3a491dbfab745414ac1958213a5b38f5bdbcbc1dfa2c2f38217fa0d7b3215cc64b02c956e89d5560472e006515d717dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cccb55afb8168c2ed6d704f9d9a88264

SHA1
3bf0cba2f9e637132d267ce90daf64291abd3fde

SHA256
14de4c4fbd6c3510a663ab284936aabd305bdf4862144f6ac3a8f9d2348cfea8

SHA512
b248bbf4c59de4d058129d93d92e293427fb80d0d46cbe2c384773369c406faf556aa18bb16b4a1eb7ee2618636cb821da774428bc8c40cbb247d9bff983d1a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf2734a92a9585aad9ab87316dc14406

SHA1
8d3a095820a73a1c15e7e00e58adc175bea09a9e

SHA256
19da51f29b30e157cc464b2af8b07436063e6b97bbe9f114d900f07d0bb8cbf2

SHA512
892ef8b067033b1c5eb93e35a76294e75a99e4d92bf185cf817356878b153a042661dfdb90bc028af889698e455dd9b6dd742b45df5171ddae99a1c8a3bfa0a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcf2e51fe53b7a8cd01e357bea80129d

SHA1
2e68fde97f8481999cb10d345e7e2f70bdae9517

SHA256
4b9dc06f06f746d4a8717f74db2f83cfc4db99721debd2d70a43d702d28b84c8

SHA512
ab9cb6023c08d01fcc67505d4bae1126a9213f51e0745fe12ca464ee00e3f97b50483b8fd0bf4309f766d9d45fca3aa6fc8dc5330d571eaa761984c51ea16050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67e52adff6137c3d5675d547f1f71619

SHA1
ee962748cf1ddd1f65eac7e844c8d0efcd61711d

SHA256
1580ab64529001cbaccf93f1d612d9eccbe101c5da5b3fc0d397b6a2f38fd4cc

SHA512
34c7ce3aa62ecf54d92d423109adc12038f10fb3c02fe6c035977b07677fd47b69c57590a7e81594c9a0b8f22a76ec172471b27d41930e9c6264214f223957df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
557db03cd2ab68d8310284103b3f6b7c

SHA1
d1eac87fa32ae6ca22b8db1a7009d96e41761754

SHA256
257f9427134b08078dc9efee2bbf61a99690768d47ed14df948508ca366477a9

SHA512
684c03501f25e619ceafb09d576bde032899c5e915eaca4cab11bc3dd16df4a9472929cd80352ce97e88d3b6a8f8f6a5c5c4ce76fa1d8ae268b1ea723ecd812e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9D79.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D9C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit