dbf653e2cde716df0ea87a01beabc49f14b47602177df1bfc9c6299646ba6daf

Analysis

max time kernel
140s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

190d3736770879898b637c123bfddda1.html
Size

26KB
MD5

190d3736770879898b637c123bfddda1
SHA1

8e51ec3022351c4f58fb05e171a1420980a0bfb9
SHA256

dbf653e2cde716df0ea87a01beabc49f14b47602177df1bfc9c6299646ba6daf
SHA512

f99642950abc9503ae7da981358e63dd462866ff9429dc943bfb973d3d4cfea75522e86ee0630813a5565916665555be2c55e6300b0c3f63587d269c895197fa
SSDEEP

384:4+QfPFd9QZBC7mOdMQIBKfpC5IgSnbmFe7AcBI60kkJvAgo0iuAtPd:Zcd9QZBC7mOdMQNpC5I9nC4iIP0iu+Pd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000047c5d3bfcd22ccbf93330e3e0fc0d3b41f00726703cce936e4f0f86246f170ac000000000e8000000002000020000000dc0d824d2a4060879391d74a3c4a0fe62e936683fb9b92ed4161e60531a6531290000000429e820b0bcd4643bd9b6a39268db475818bb11c348d7f98779ed38c6bb00daaabb88d07a532fa1ab6d94a533ab7841174168ce668e479eae0f138fe31d6d17304338605909d7e2f0d5ed3ab3ab6ede0161ca2356a8cc587a5f7cd95a7178d3998a56ba3834f62471756f9aed3eba6a89299027e116780ab2eda57f2a74d46f10b9a5c70d15b38e670bea90ba07f6f344000000000fe64f6807741ea998e4a2745fc55d2eb1c7be897a8fca984b3ab6f90facac6e4d95433f7ef42fa6e3ff638d43474ed4765ab3601408652898a64c6bc4af814	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E99262A1-A522-11EE-BA23-F2B23B8A8DD7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000001950d01176cb931be63d34dc1394feb40a95de37beab06acdce75067056593d2000000000e8000000002000020000000dfbe709f5056d1ab5f0345ea6cf2ab89441f742967626340f5459a3ab548149520000000c7c5269445e9914cca8b577ef2d45d307d5f544729cfac31fd6787101f5cb13d400000006e0dcb00cb1f7140e46d67067231217c764bb5dca77dd4467e092521b4b329422ee0ca7a6c90a94a84c051fd7984294c8b2b4294dd0a4dee8c2c7fd300016405	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e004a6c12f39da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409889867"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
2876	IEXPLORE.EXE
2876	IEXPLORE.EXE
2876	IEXPLORE.EXE
2876	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2876	2912	iexplore.exe	28
PID 2912 wrote to memory of 2876	2912	iexplore.exe	28
PID 2912 wrote to memory of 2876	2912	iexplore.exe	28
PID 2912 wrote to memory of 2876	2912	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\190d3736770879898b637c123bfddda1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d7c9626154e0d2f33f0a8f0da9f0505

SHA1
425b325a7cdffc091f999a5ec85e098621453b9f

SHA256
294e14173fea38db39def0470a2072644ba6446fe28ce9d1e1d4daa01481b43c

SHA512
93905458324d6d4eb99b3d700ef836a62c50b8820ec619a4821c5c692984bf0207a506f2a3fb66c3293525a23a70a6adf8095509501b7c203eeb299e5da53535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fe7f058f578bfa40d307215757374a8

SHA1
6c15fb12779ed506c70660f4ac3bc7db6c6f386b

SHA256
693502b3cc823928c89937b6f54c3b76abe0a1f199c0eb4dda2fdcd42902fc04

SHA512
a325117c09891b12627d4a212c0bb64e35d0a4dd5ba407bcbeab1f700088495e9952d12ce022fdad349709921996d84ffbaa08ffd0bd9ef615035d06be6688f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff95bc01f1a6f234baa4c0edc0fb6eaf

SHA1
af21b3816428b3201a714323f27dfedcf5ca4a03

SHA256
a932ae80201bb0eaf34882a2996e49cfcbe1b25cf891f7198dcf59d4c724ce4a

SHA512
e1c70d1e6315d5a712cd422cb4992bdd57bc4718d5a8641f6db2b4e2922c6233ee79a75c0c17c5757cfd40a11e6810bcf40097abb1d76f7a8b8d55c8356495d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34c57d1ebb4320c25966189ac05f7153

SHA1
d4b2936f545bd577860d4ebe4734f3a245cf4438

SHA256
9df80c05acc5180b03256a3e45dad86ecb41473cef1d4e05fad6141aac56e4e3

SHA512
c7074f056b738e44cbd393f63de62e50b077709a46a0e44dce6d73de047c4f496cea064040f67c585014775fedc6f94f0b379e6efd5d9314d5eac241ad5396de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebba2b0b80260407ce2b0a1e58553212

SHA1
60c359437116e3b9dd76320b13b19864c3199b24

SHA256
a8aad749f52de89e0132de26b0bf476c579f192ce2c5223cd3dc086c63845bd9

SHA512
7dd4e353c0f45038ef31ae293325fad75f1fd4eb29f67bc95963c5eb191050345fe5cb77dec7eef6c22b8b15324c014ee3ba35793689b5b34510910ce95dcd9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a6ecb74e74a7805ff23b3ea22ab065b

SHA1
aa5f766583ab9febf3e68d9cea54c1354d5fc22c

SHA256
0e99e02f3d8b266ca4a4efeb8fc4d41d9b1b1effe018655fc5dcb96d87243453

SHA512
fbbfbc28bcead5a29910bbb9d3100f5742653c7aeb3f02a8723f0ae1d1f1250a2bd9878f61637ae47fa6875c591676e950fb90b9265347d4f924de0c6b6b0ee4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ce1f4e61b4c85d5aad16fd49037202a

SHA1
a8b90c59b908988579c27fb97a7bd6c955b27d2f

SHA256
d860edaeee8eb14d912e104fc47d3559cec6aae0beb87544d7cc5c305e6f9b6f

SHA512
e433bca07a01ddf50f9afd69447e6e8a40fa7a1aa2fb9600bdeba51275366010d59c10f5fae6b6e196933872b29ec6920b60bf47b4428371bf6984173cda1b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b98238231126aa17c612560505daa619

SHA1
983ea473d77ea91cc0310932eeff9228cf4b583f

SHA256
6322166dded985ce2c0c298e040fa2471f3bd8541f14d73a32c6f34a2f4163e8

SHA512
f2ceda429b7554e23882470938ad60c13387ed4b14f050243fbc8fdfd1be679b82cb1ab3a1fb3791de0feef9446d13c7b593a2e842239f787d008732384137fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8a997e596bd56097a32827af2217cf4

SHA1
dcd6c634bc8423c9d38e24b18541660c5081b5cf

SHA256
fa35f6d6052a4d4e4e6c8461e7fb037cc5cb3514715c5bd4b55439f11ec78442

SHA512
145eb19d9f569ec87f389391b7867db10ac50688fc0fef356efa3dd076701f1cd3167feb26da78882401aaa66c0416cf022fcfa2490deefd75d0acc4038efa40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e5f5eebb7910e6333a7e14a8f7c7e67

SHA1
96503131e7faa7cc74f722f962dca796d20b0d85

SHA256
2a7021257854de79855aefeeb11aaf7591dde46d74280332eb4e8eebbb06eaaa

SHA512
326a3abc72d6a458353217eae98934294971ce5ccb8d8837ab7250bc8ad4dcd643969c67641fc5342a9164c14e2783e91e4d7fc42e740c60e89365784066c47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0e1000a147b499a00f96d4fb10f1fa4

SHA1
b20658b0f5a2921e078104240bd43821a0d6b928

SHA256
a6cd2a9fa0d0769460b49a2bbfefb78556871b1793fc49fbe8bc8690e73351f3

SHA512
ed04c66b72bb01deccc89d960b2a1e40127506d8f6d3f7f112550c658f42e9ab82126b95bea577aecc864916b53f87054feeec3f75a890131e997389174ae7d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2163b3845b2bdbe3259c539d5f9ed062

SHA1
69429e6039eccee1d57f4c1d0460bf25a978da00

SHA256
494e3cb49bdb1963fa6ed5b06dd1b77727ee901e55d61789fe73eb970bf83108

SHA512
d473261dcbf0684165016eb5018e41776d5c8c6757a9185eb2b3829006fda743887849cd7af86853fd5f364ba16a8130d6a65fd60d54dd7bf25414b6f6626494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b7f599ca39ddeb25095c12fb1bc2eaa

SHA1
9c689cf158ea4f673ee84cf9952aca5fbf782a81

SHA256
d2a8bde884274e7d27a5fb2540c71519d944bef9c24990678aa3a870ef4a36ad

SHA512
5329ef007872e4883af8eae07757f11be5524ba2a62962397b26b0bc5752c5c269309eb4e8cef570e0471361a968f6c662654a38fd8641a1110c5b272d4f66ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da1c7f72938e8238ea9f64e2ce6d761f

SHA1
7532dcfa0cb41742587364dbe2d2ac017fd4ab9e

SHA256
20706d90770b16d8aa9b30677612375d3c329c9fe64fcde7c5984aad30da2062

SHA512
6e2ce078796e264891ac379f18613a0267fbd8f1b63027f0a1d708d25280869f5bce2bb5230998fc670e834a8f59753e4623f4e3fec0811d9e13d99601f5468e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
463cacc3c734dc97510be5125d498db9

SHA1
9fa393d20a7fc94476e20dd01ad72f3f693ae8c0

SHA256
59cc5c9c8546e8bfcec950b76df020f42d7c8c9b06e3fb0652ff68550fd470c7

SHA512
2ef57914863ca61021bcaf08bbcdb46deffa49df28e20b9a9ef1f4e104f22a75268725d3d49281c093b3a1a91c8613e8cc26521ab4daa623e7703475945fb730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a52d29f08b7d2ce18163a324c7649c0

SHA1
05bd692eb954d24e75bfb3b6b5f7314dc42970b9

SHA256
34aaabe0d559b9a7a6fa1bae9ddbf7a2307cfc5ad851910de8a03c63aa118fcc

SHA512
93709faa618fb8aeabe98ed62caee71975dd8859d6cef0578b1236fb634b08d9bd52a353778aabc0ef4b3c39d684655be36f5e274a779c7e9b99ecbc731695b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC130.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC191.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit