3905b82f8ca22ea4b1e535630efd9619a96809eeb898f26f2d3de8d9a5a9c3b6

Analysis

max time kernel
1s
max time network
166s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

182b92b4f0141825ed66d7b19fb73336.html
Size

11KB
MD5

182b92b4f0141825ed66d7b19fb73336
SHA1

8d85607dd8d6bcd4e353076cfc91abd088ae286d
SHA256

3905b82f8ca22ea4b1e535630efd9619a96809eeb898f26f2d3de8d9a5a9c3b6
SHA512

0a3d114f6ba7512705912149abc38a544d3cb1b2237d98cbb72796eeeac5c0073c078e46efdf75eb7e1858ded2c2708edb367adf23a1e36d804cc1f4402de0c6
SSDEEP

192:mEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEErPU0tL6AL0AKtz:mEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2D28671-A518-11EE-9028-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2500	2496	iexplore.exe	19
PID 2496 wrote to memory of 2500	2496	iexplore.exe	19
PID 2496 wrote to memory of 2500	2496	iexplore.exe	19
PID 2496 wrote to memory of 2500	2496	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\182b92b4f0141825ed66d7b19fb73336.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebeba3504c8d9a60c1ed8718f7ecd016

SHA1
ba147a0e44ee419d1c785f69dd0ff9b217208f71

SHA256
fd4cccec8e2b11ca0a7df006c03b8924036911716b2d3ea9b9bcbe055ef33785

SHA512
fc101942da10bb2a5bc97462d3f8ede4a7f069e4c91dd9c1906a5dd9d56d935d4e24847ece75b6317ff7f721b9d35cf734a333260a175d9637be46cbec6eef43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6a68757fb7cd1c9c49554828a81e3e2

SHA1
d3651ec1bb74969d02d845286baef3f26a4826e1

SHA256
a1160f489f94a8e5a6b9a01a2289863898bae7ca09a3d20a5b52fc1e97144f86

SHA512
3d4ed0253911d312354dc76ae58bbea1039e2153f6912294b6fea978b126157b8c09cf871cf09f1e7726e2aa7f4e2874372d4a2982bd5036320d45f4d3d09005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c161791f4cd7a1357516d6833b4f18e0

SHA1
139f1a4c70bd594b2bd8c1c02540421a8250be3b

SHA256
2dca1858ab26deacb888a808772c5d4a229b174a453f0be1032993fbef669647

SHA512
1b8f0f914ac583b0d384a4836934b9fa70d44214d4745b4bc24b668a4525cbb68e127b441874fa843af3020179f9a01912dd8414f0a0bc9a5e60576ed0bf1215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e02da83002a566896e1c433a16a0bde

SHA1
bf66f8b5c50b03793f56ef561d4944ababa70c96

SHA256
3729dc29147f2abe0c6087f09a57e87ea12e6864088f78885a0a16decac1003d

SHA512
18ed4509230afd04dbc5f15283b0d7248b4e2ea0dcf772f800483b06bde6130583cb27fedc5030eda5dc6bf31ce2ae1cb3fddfead6ab0c785ca20c2bf95eb602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9ea78a100781b3ca902d0789531c305

SHA1
c91784485d4f432d57b146c3d9e1fd8d078de89b

SHA256
830bb266e04b093a11bf8a91ff03279b2b6520ba2849362b64cb9d96b688c950

SHA512
62f88d14d2299f6df7452ad60c2ee4f3771c75ad9310d7a64bd9b38dfb83e2c3e54f2b07938cba8fe494d42805bcef1e00c955f6a9acafabcf8193d6e8110799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94a7454f30f98e65ce4353931e2081ad

SHA1
ef981729bb7c3a88a3e77132e85157711a4dad92

SHA256
9ecbc77b17953a000e2f0cf3fbe788028744b69cac40818d4fd1678230ac2fcd

SHA512
e9fcfade133d601d667befa52a5dbd22759f5045da8bbe0edbd34f8787fe202573b50988031befed702028af911d09e24206f16be51526f118e5e978e93a827c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27f661900ea72acc1c594e1cc60727e4

SHA1
918eae6cbcb2ba7795e26d2597cff4c2638e06fb

SHA256
dd7b10ffbb223b97aa728205a4c1337de995f58105b7fb48523e6551012082b5

SHA512
af64b8bcafedf1920b0db2a02d7a045090178d9e34f45c42d266d078daedcff938350595db0f3ec8376ad0e058f3fe7fa02e2a68b6c6a22bee4cd5bd87d56917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d89f5c9d00286d79c7ff7423d7fd308b

SHA1
c11aea201b5ec0adf3a8b54e2c1a3a5f25a8b5bd

SHA256
2b05bfb2743c40907788bafcf0ebf6e5c1e280e554e9f8026d5d9f0be4e4b52a

SHA512
e182b27719d8d701cf8f416471ac518068930ff4fd0b4891cfd214aa03e461692b7750bd817dfcdf51069999bc79f6b4d9ab48b5414ac00c9c4fe5c1bf3d3b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48d161d5d1aa2aa43a9d0bf65ac2d60d

SHA1
6e920c25f9130ffda311fa96587da20958e7a852

SHA256
20a0a13029512dd560586f1d1af95f215fc6d0e65099232a673eb3020646d5bb

SHA512
1acec7b473cd8eaee5bb6d578970f43438a52bdd40b3269b989d6241e0274d1c909d8b6278862ce9c50d2c089d0c75ac9cc227578d566ba7e5a04b37c62e5c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d4c15aaac8d9bf46b41d83fe9dea959

SHA1
fac96cc74a6ab87154936037fe5d5647faafe8e1

SHA256
63f78fedcc8bead46e8024250365862b6c825b6863e40c6194867a5ad879ea69

SHA512
cc3d360993b6e592e55578689ebefc572bc085322e999c5671d42817da01452d16bf2b9e94acada19dbd52c0fc33a2283278d2e71e02b7594a49b8bad12f6044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
504560cdf1c0f3c7a6637485459641ed

SHA1
03915c739c07db9b6416281cd8e3940dea79723c

SHA256
c666aaa98f99d42e73d88e5116e8009655a9666f46ceb3b2e0f0ac18e2eb7125

SHA512
5fa072bbb40179ceff753cdfeb8bb96a699ed7d17b5d9362e5c674fe14b315aa468cdfac5ac646e0d7903ac679477ff10ad4f2aa135df6e70bd9a397b602edc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
374bb4c25b65b2a2646ec5c2d834f345

SHA1
3a34ea731eecc95f875861dbb080a95d094a9011

SHA256
24709697388413c23a57202fb6d63521880a1800c0a1fcbeb5f0112f9d09fedb

SHA512
d8c202c74c5a00034584b0b0dd8a7e45faad6209269c2b2cee17c107ccc47ddd03177ed1b9156fd23ac805848f0c4cedcb52944dec6091cebba787762951f4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\f[1].txt

Filesize
34KB

MD5
d854bbb2246d993bd1f8687e79493f60

SHA1
28fbae93bc5e4e99a6c905fdda488be72057c307

SHA256
707248d75606cc53aad966797dc2cc86997d1ea1a74b1c99b9191716600c74e3

SHA512
ba4e7ef0a590c84310fb36ea64202cf821058eb7bd52ada1cc9fefff544b7500bf54a8ee43ce80b6cf8989071b0deaf2bf9a50c8063c192f24063f318585c3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB8D5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB8D8.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit