8f520fa4ae5c06794da391924b339f74be640faa428eee3e623e64f75f85097b

Analysis

max time kernel
140s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14dd4501e46eedb5de643604b001e42e.html
Size

105KB
MD5

14dd4501e46eedb5de643604b001e42e
SHA1

09893d31ddba8a1ba3825a0d7f620d6c1ce8cd6a
SHA256

8f520fa4ae5c06794da391924b339f74be640faa428eee3e623e64f75f85097b
SHA512

2583f13b7e36b9b3dc666440c24adc25d19445bc1e0a415de1e9a7fc1e86a895f0c7d21081d495e076911de7349c025a3677a0256ecf155457cea26d97ff5f02
SSDEEP

3072:LyLFLbnckaYJN3McZf+f9Zqn/3eqU9o1z5:iFjsC

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000013d2a57faa072a97b0fc1b1ba3761b232de74f8d3df3d9daf38c0d98f54d3f04000000000e8000000002000020000000d48a776fa9ca019536cdfcf1705144295f715b870f829f00cb2c02e3883c86d49000000023be7044f27f55fc578e722c6d5b374f83f32bd725ab97c275ed59ce78145657bdfc98bb2347e099349b682685c04b4a737f3c54ca6a94de022c1de0296efbf6d7988c6abc118afd0cd2929569075d62642e4ba988bebe1f012386a04cb18877cdd349a7066a0713edbc0537c1630c145570233b390020268af7dd34ca4b3fee19342a6e18263005ae538277f093456a400000000cd604157267190f25e7584f6a3d3eae3b50a057627a63e3bf8b2638e48727bc165c9c67f3d1d78cd0e21c82a9fa4715991f5c05e49a10ec4f9ab5449e717d63	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000c3b700aa00b1c63595ca3684fc46878936f348e50ab2b467c4df54d88d6a9dd2000000000e8000000002000020000000b1df063978aa695681097e10d458d27b416c95d954550d0165b36abbb7709917200000006596384e923c1e0b7ccfca44969c8648fee245685926f0207d0e1bef1f9b626240000000ec3ac18ff9f5800222b4ce35bcf86aef10e7627da35a880258b7b1887cf001d8d3d276ff9451c4dc9a3050b1742d3d2cb8f7d8a1a974b577a6f68d96157f220e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6002f0af0639da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409872187"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3CAE4D1-A4F9-11EE-B696-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2688	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2392	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2392	iexplore.exe
2392	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2688	2392	iexplore.exe	28
PID 2392 wrote to memory of 2688	2392	iexplore.exe	28
PID 2392 wrote to memory of 2688	2392	iexplore.exe	28
PID 2392 wrote to memory of 2688	2392	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14dd4501e46eedb5de643604b001e42e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5c2c82823632bf940eb39aebb91ab84

SHA1
0a2e8e408d58129a8e3670025ddc7ee4d9c53bcb

SHA256
6f68192e91c25c9a9a0b8ec6f69b254554a29a812df26c113bd15e939aff563a

SHA512
dcdd259058bcba721cb979004f4d30627de91741cafca029e579305387734eceef0f456da65558a1efeeea2700371f7269aee9a6684e6fb189c4a101bc28a9bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
206b5fd88206f8d92f155a019e68a2ee

SHA1
4e70848ff20bd335bce74206eaecdef9dbbfb98a

SHA256
262a7ca04465cbfce6aae54e21406dd571dcde00aab5086a7f9f1b1722c55fee

SHA512
5428fdd48b725aba10e1fc86cb8142ff15ac5bd354b0bfab1280a7f6eb6132d20228321ea304c4f2b2195e456f41e18ba60f50946301f4b68f5cfdf8fe02c230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0d8d2132670fdba623e2debde5cf502

SHA1
b4534599359537528cc770cf5eeeddbe4879c13e

SHA256
75d1bb3721d8ee0e4a399b9505745c26111740ff861c15a4e4a4a43f4c2ebf1c

SHA512
c630c83a05e42e168f8aea34fe788db1ea3637b49eef722292feabb99aa819f58e19a1e7cd8ac4166f263ea72bd2a1b8e386a44e667d321bbf17ec11688e3586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caba7187986f1ca7a8ac8e1d9ecaf6b7

SHA1
afa22d012b0ec60f67edce13dc3c51e34bf1e9ee

SHA256
9de4d237c8204841c841a76897ea75aa82947da070eddf3e88a41565e6697779

SHA512
10d71a8baaee3c59a1e5b4ce888a46f1439b94e93a09fcd43fc28ef6f55ed8b18c679fa58f31e23afde0d166ae1ad6d0bd1e03f053e44bd5c1ee5428fa472844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c97e083803f1d5f11f076fb3f1643827

SHA1
93c3064ffc6b8939696a3ab4a4be3a763cbe80d1

SHA256
2d56825f8812e1405ae275bf145600091517fa71ed5b49e4c404c439dc764829

SHA512
caae2d9b6a6a89e6902a1a9a6bf1872e899d041fe4d30524a5a7b6620ce177aa026dcebebbd0ec6a637c9e191b07970fd62716b52d9f4cd6f1202b98ac9341ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5169c5db1105213ac519786abe11bd4d

SHA1
e56e274ffa511a0efffdce097d32772a6f4b77f6

SHA256
5e03c7ca709e8abd9d95025f322c99878b39e298c5ba21b246109e7072ae2ee2

SHA512
a54c2ee0ef1b8e0a3079c4505c02f4bc7bb9de124781e2cd86b96cc39ee3fb1b47cedd9a867b52dedb4412b8685745a4ba7b4bc3b40e6417659657310a2a39c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5daeacba822f2b3ac7528a4d73daeb8

SHA1
fae11a98d62895766f82bd856b09d061a12114f3

SHA256
23d2561248472caa1339d424b326ab70363162baeed8461cd869b2b58d334f48

SHA512
53a9928e332ec82617dbb2a51fc4e4226cacd502c2b4e669a1402dc7ebb9f2b07667e31ec7ce1cff52893b558bf636b0285aef11d34341edcf6ede51f7cb03fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6b56b4afeebe3080b6cde15efbe2da7

SHA1
b4b250a0ccb5b9d9b831680944b93766d8555d6a

SHA256
71bed6cd93d34ebe496ef7897dce676a24ce154a1a0cb1c64cd873cbc912ecfc

SHA512
705130ad79bcf9cb369338d81f5a2ed9b3149da17735e842af24efff3b781576c7262dabc54eda2a930b1c80fdbecc12950a8f6d391148d41ea08a12dc74d7c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af85eae9ec89991f926ec1f9dca4a79b

SHA1
b39a40a5874d3056fab6e1c54e1b68e530a0baf8

SHA256
6361e47032c09dbecf79610967469f0a389fade68ca6e7df6ada46f3ce37439f

SHA512
5384f25461b901e82ede5639b66ee993fddb61d2e63a3c692d060c65c89c171693d7ed707b3b496b5d5d30eb0268f5995057a0eec69d3ce988e7647659c97b4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bcba02f63c61ae07357554302864f40

SHA1
9f9436d76fb23ab1435c49057cf5f1015ac91353

SHA256
1d573cef78256eae8dead78523e5947150887d1cbb00615a599c4134a80ed9a4

SHA512
68691a69c642bd3e254099ad5bfbc9b536399c0f259e71a890a4414e5cb25b880b8d6af60227dc1501686d3e00834013ecd44b4bf9570474fe32b3b35c7f7c86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9b62df15d2e22b758d4e17436ee191a

SHA1
2e544462cf78d00114b39355f8c2562dc5bfcd02

SHA256
0710b367a2103b968380015ad84ddc9f820562625066b4c75a157c75e99528b0

SHA512
70c7c4f09df69d621dde9cbae9d9cb2a24910c21611e8698245a47e4503059cd15f1f2eade10dfa12b961dd39e51f08084e2939fd78840a574faae4061ce2c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96e0eed73b46448f3631e4b7e74191ec

SHA1
503b8801d2a5218205103a2a4a05b5cdacaf519b

SHA256
e2e207eb6120dbbed5e6e53fb88caa514a3c7086c1660ebbda3615d295ddeb64

SHA512
e72af95317fe2c4122471a57ea517b52077287e963a535ed13c64d40d697f0fa529decff76f647058660bd797211f6f32aae5013b88b4ff03177709616bab1f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1768640a2d40a83a8c483b72868e9a37

SHA1
b133e50724bfeb157318b7598710a53d2eae2cd0

SHA256
efb47567a03746075cccd3be9fbdd1477d554c3a3753d9eaa35acb6efc88381a

SHA512
87ae59e4266b2ead1adb2291fe9ac130bcaa6772541992dac6ed34dd6d74473410d3afc976d4322849ebd90378433ac345889ce6f3319d48ea6ceaadc9f3502e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
609cf40aaff33a186231abd36c734c13

SHA1
a092e47a1843a6926e9a5e34c4074a071af51b74

SHA256
b884a9af123f5b5e2c891548142733e7a44440fd84018d631fa2abb322c198c7

SHA512
fc6533dcda22bc35cd7e5f1833d50ede46f3a4ee7456bfc1bf256b183eef502884f15412283b91100c8e4095b3938ec935c2054b2b527b001625df4a27f37b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74f797cdc9dac2f2a9b6153a3f50b36d

SHA1
fdc397805b97de0e132c982f445b7315d1ac6396

SHA256
92749842bf0951440876925ce5b2c57cd428f163802b7dc759cc7c8e39560044

SHA512
606225d23bb58fd181058b250dd483da9dd464ceb8b44caf850403f92a07bcfca730f3b47b6bcaf63293cb56019ac40aaab240e6fcff921b16161c8f11b91f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02c753c8c23e0fc0fc36054b518f35c8

SHA1
e666764ba2a71313ddf7bcf23066bba2b90dee4c

SHA256
14868f2a11c80f1163d1d35ec58aa767774b3fc6a100ea2fb9e32b8a4f4771d4

SHA512
c3c5d387b657797f63283c285ea3c52ac610c79ab04f583088e34a9ab6053fbeda322e844f70ddb33350c0e1e2cc461a4015b6adbc57a04b5d528dff11cb79db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71f72732cb0e6d70aaa2dd7ece9463b6

SHA1
c85a044ac5142d175bb7a06871d8007f6c43681f

SHA256
85315cbc282f5afa41efcfea7a98a24a19e072713665e4d01abca98b814cc90a

SHA512
99257d119e22e6d69d4a6b7d64090e023213113af5445b076059540fdda29b9fd3857e006c0576dec23d7f35b200b6ec61625f4c481beb6836c39c343ed75810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5ADE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5BCB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit