e49723d57ff778da07db46a75ad083852f09e37a87f6f0267e63b8652c7b2509

Analysis

max time kernel
144s
max time network
170s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19132e0accc9b2ff525a0f47895abd50.html
Size

923B
MD5

19132e0accc9b2ff525a0f47895abd50
SHA1

4ddbfe5e13eb61659e2ab2587ac238134f571bac
SHA256

e49723d57ff778da07db46a75ad083852f09e37a87f6f0267e63b8652c7b2509
SHA512

f8fbf06cde4fb292e464ac3bb0c9f37989c62753a1e56be11e7b646229bcdad1ca4933e862bff0a113684306859172db6f10891aafe826e4f2a50098b6a0bb2e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501547133039da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000004b39b86842d54b0608f3d3f297cb8df54fa4ec649b3c9567b6d4a32f54a96fb5000000000e80000000020000200000001837ed87158e4b6f69037ff120b0a1a2cca64e0ec9f62212fc344ca387eb771c900000000af4ca508ac2f11cd042e506f88823e8d5ad79a80757ad5fa95e1e2f6bfba07232fcc612aa878952be44d1c3bd6c3436c0ed985083985dd018eb4edb9250c266f283d6b6675a238eced24bf32f95993eb0ce493eb92d4d390a01ae3c05b3e5a8c6f1783ea2e95b1a7d473694315eec3680da798f93a92a7d59ad8cc6744e2e8acc9aa75b8a33a0c547efe15e6927cd3240000000cf312c28275a1b1a23a35576203eb22220c81a49c4db765f45f7dc8f5546995533c4cc2a477a1362b0972f64ab46d95f272dc21ac35588f38e42696aae89605f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409890001"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000b58d084624d3f5506498ad46bd5bc79b0080170780b7062665affca49aa16092000000000e80000000020000200000005eda41f2928bd17f45f73450ec28d6476a90af310d664b9a5e3d7264a25f36c8200000005ffadeb8d8368e333c9af2d523d281a088cd5cb66432649526755c69cdf40fa140000000fa325f4ef38bbcbafad209355ac0323a20fc3863a9dae37184618a354688f51322833df96b3bc86417b9769ba2c7020bf65431a931caff7dd9398af1c613e825	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E6273B1-A523-11EE-AEE3-EED0D7A1BF98} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2076	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2076	iexplore.exe
2076	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2856	2076	iexplore.exe	28
PID 2076 wrote to memory of 2856	2076	iexplore.exe	28
PID 2076 wrote to memory of 2856	2076	iexplore.exe	28
PID 2076 wrote to memory of 2856	2076	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\19132e0accc9b2ff525a0f47895abd50.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acb5294b64de0df666b5fc6490b3f3d4

SHA1
c588e1d7190eebbcbbec22c6a371aeb8f91a8a99

SHA256
624cd1d62bf60275e0609f19fce89344a6237a5b2f8aeac211246f5b0de52d9b

SHA512
e466c32b8fb09cf9afb363c01e6a164009d7024f4776b9e010b1ca34acb0b864fe3c4c3fec23cff4954feb150e530064754007eaac579b865c426386e5d6fa7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dfae32ca9856e6f4d3f9ebf3ce49941

SHA1
c7d274da3652dd88856d1f19354da7f06a4c2236

SHA256
91c59a07b7f2350f3dd53fc79958eeb967e41af560bc36dac1eeb813e8d4ebe0

SHA512
dc22622c09485c2f87b7b3b402b451d11d3fcf17783850c03621899c026c4884002b83205ea9584f2dce8f7c84f45a0c648c65583ac90507f89d14d737f846dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c84649f37649c67a9ce7b3e9712347b

SHA1
181053315e5aacd9d47d117ea6064eb281b06dff

SHA256
de492531eb105d2cccec3442195a7f58a9e6fd9c6bf9839968f53e661ceb61dc

SHA512
389bb3c62d9c2eecd29874921d56c2ed6ae60fb58bc128f62993080edb714aa180ce5b9e7901cd1a0386e43f8c55741fa296c47da771da9b772ba11cde1b8c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef3ed1e8158874410f2a32d239ce6dc0

SHA1
43f9a5251c33e42d7bd63e2181d4b4751c580c2e

SHA256
4320da866048a4f288c930314180831e37fa114526e4031240649a7e1cc776a6

SHA512
ab75c87d53ff10e2c6d3cfaeb2c7181647b9c30b4634b8c636b3bcae00fcb96f6978d3828b19f80e3718cd6386145d9b65ddb286411b525c2c57c1f0bd95c1d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78a786c0286256d7dc2f7ec9e7953cf9

SHA1
63f452621adeba9811432d8763b656ed19d454b1

SHA256
522f61bcd04e5e74654663dc888540602245e52dce39b61ad4b79569be4f3715

SHA512
1e175edf509ddcf0429807b65910b202266a6fd8680974ecd95d33cefcb8a2114a942d584bf5faa85a4125ef4d060e468f9f9b4aa9e040373c8ed84086552e31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00ec9458766b1f19220468134a287c2d

SHA1
3c34ad5e62e2537c87e10c7a24b3b0217ee16f35

SHA256
bdbe7a9c6e504a06677e6a83968ca4401c86ed86984bfe0d6b372db5af527ccf

SHA512
9b918178bc9502845d91ea6a7745a478d56e473af1b18fdcd0c9709ccafc0c77311ce23964ebc91d621712e90d38068954c785221775e94f37767d2b9a80ea76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4de3228fb7d0ceeb5327cc46ebfca7ff

SHA1
476ba6bbb74e84a095bc5ece82555b0d1e685b88

SHA256
30bc98b9620246bbebcd5552ba8b74a26abcb4567a3c94698a219210abf7c228

SHA512
976465769cab4aa72ad8616033e65d00e65ab4e3af003f8e5edc46779dfba67466011ea12e094440fe5f613a6fde73a94aaa94555a0ca77d47cc48b4e3642cf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69d9d93cd4121910de11779ad15ca387

SHA1
4ebacf63b517c2adecca34287e3d76ac8304d65d

SHA256
834c0e453abc41a386515051b38803424668472dc513e2f9b71a06bf18673daf

SHA512
cb8c0719845a9b80bcf462a54ddf3994dfa48d8f1174f82910e9a23b9346878c7a9c8727c7c32cc6975029d482445f6eb926a1293487ef192d4998a7dbfa8bd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8bf3976f55a54202b8e9f4a2ace8020

SHA1
33d5262e98ccdfb054a87a87fdea06298dfa288b

SHA256
c83c203732dea46e44d87d3cd6a18c75c3fe48a7b86f6af56e925700065264ee

SHA512
0190f04fe06787b1a3b10c3b0d4779af62a72a6a855e43e907c261a58895c901264462e08b73d63c504c5f6a23fca370702020bc25a640028cae2b432aabb61f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bae40fc55b50b24971647ad4312aa28

SHA1
eb17cc0ae2b74b8a2169d5109a9e629a938bdb0f

SHA256
98bb25c3c58b93bd2a490ed6ecd7559fbe36ba4ee286b0145d998a38106da0be

SHA512
7d46d5a286374264a395c5baebde5eab3cf000de50723fdadc71102c15011b8853712bb47e75f5a163ac8f713cec5fd1431bdfc2b756d52c999087dfd0f4e035

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cfe2d8c057319175c08bbe8560ad171

SHA1
9f869bc29196a314672b1d28fc3a467a9c20ed52

SHA256
d6f32c2b565f56d4991efdef039328431b19b472c33b75afe612a9c2c325cd8d

SHA512
08f75cfbdfe7c0b5890c5ecb5d0eaf2a75986447c3f294a99157718c851986b1e035975923eea6bdd9c57d535d02bcda41279304d912a8beac6907748b34b049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a178cd818b6a88d16a5fe13253d97e5

SHA1
6bd065ad6058a801892b38dc607a3b7a29265722

SHA256
88e27ca938556e28b081ff18f0bc7e4a68feb6499c870bda4e2a14130954842f

SHA512
58b3e05008b0862ac23646ecb45757ee9ba4300b32f216f23965d77cebbc649c3657b5e9cc380b024c6f52082e80681c3886ccbdbbe72d900aaa813fd05da357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67c6fe15664fbb1aa82457feae82755e

SHA1
25625910d3ecffad26625c44da812da0fe95de71

SHA256
24400f5460b90748ef9ac04a2137bd0e769a9b672dd9f10451cee52bf31484d3

SHA512
bce6a2b80809fb567afd76764983bb337d268c44aa8417ad4c20aba4666c4ad32ba4a3af99bdfbb0861b618b4fe1224735a717b3769ec7473df4403d44024423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee691f9c2e098518fd702809c7c9aec9

SHA1
84acc6dee24d81a0a143c701fbe089545aee943e

SHA256
f82bfac99265f31aed0fe311a0a27b5ac42a4ad3f0f9d9f7ffe487f45ca523ad

SHA512
b63881dcbab86c9ae2699f06402672a9485f0f315af2e8dac60855828874aa2dc279a74d028950f215d5a807b2b7807e9e05e855acd860484a6848aded6eb041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0e6658575919b315af86f0e7352d69

SHA1
929ad911312b6e54df192e0abce442b9d93814b4

SHA256
18c5c98214812c8b084d1b9eefc556cd8269a9af9a5e0a4ef035149308375cd6

SHA512
3368c5da69aef5cfb23793a4421bac762df1e7bf22b5ba85dd043763faae0d9f3b135672fca15b11e83f65b67b804cfe8395f6c2787ed874f4d453df8d10cec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5cd6ff227e6e29efffecd286a34a8ae

SHA1
1eb1978032ad9b3031dbfa3c7c85e5fffc06832c

SHA256
68a4d9a812dc3ae472983e883d4058d33fe2a0f1c0c0f0dd976a4082fda68a81

SHA512
5c771fa5a6472cf2ee5f152e95c497c0ed646dbf48532dc33ff6881581d93590343a02b37498b6f4224d95f87119769574681495c582a18f7158fa6400d517e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC65.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarECB6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit