76b41d2778c4c0047820dd9beb3ee0c33efaf92ae1a6819b2ca0bb4f27832a31

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18baa60d19f3d9c8727941c054fbd946.html
Size

7KB
MD5

18baa60d19f3d9c8727941c054fbd946
SHA1

808b471a2e111733e8ec7e5a36d2d046c7b2bd56
SHA256

76b41d2778c4c0047820dd9beb3ee0c33efaf92ae1a6819b2ca0bb4f27832a31
SHA512

3c3d0f40d9cf331bc882ddf770c728d98903a7eb487ac4da78de7a8101afa54413a62ec352128505086a569fe345026fb6e69e8a2efe0a84a4048b34e826a448
SSDEEP

96:UHBvxABfo+2baQ/KTQ0HStP/JY3ivPwBPZ6FWcYVvmsOGMAdF9fzzaa81p/L:ltobbaQCTXyB/JYq8MwZsidzzaaY9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F106A11-A520-11EE-9AF4-C2500A176F17} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000033308ec89eadb946428958a7070115c2fa2a5eeb4bcf42eb309076df416fc4f8000000000e8000000002000020000000b92e38ff5edba42a97ebfd5cb297e218c1f999908f56a75e8a96038845a5386290000000963c44b176bee36cdd4516852938a020b75c03297716284b71ac19f4a4847db209d6da331c9f587defb7b49dbdff473d7e5575fc89764ae35ee9a6eb7b9d0fe6f2ab82eb869a219c32d192c5f0d1288c32b1743975b5119e5ff5a9f4d76c3f0b9c7c585de33335ef0a90d7dab932a1872633f89c2bacf73f274077387a9cd9ce54da465c73ad36cb3fc6d5d63888014240000000c141dc262dbf025f40dbfa5837b10b4bbfda31825bc2db693259b77d90f08bb690ef1c3d366e5591a8cc4db5ead898930580030d9d413d578059ee8a9c77f9b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bc0a0d2d39da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409888657"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000f3b4d1022266266d51423d96b893ab0fce674a2372d1349af7a0defa57779cbc000000000e800000000200002000000098169a1b88235299ca1d58c4bb2a2687eecf960408bfeeab4fc7f66b89e9947420000000174fdd35c680577e3332beb850e49b40760cb2f6815809c4f3113d3e5e822ed5400000008350bc2cb5d99b2060bcd954c84583c259106c5fbda8e8dabb41424a2cac807a568977b7e8cc14cb3b06cece1434714c6d077fb7d5c5b5abf6df6e4c657a959b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1636	iexplore.exe
1636	iexplore.exe
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2364	1636	iexplore.exe	28
PID 1636 wrote to memory of 2364	1636	iexplore.exe	28
PID 1636 wrote to memory of 2364	1636	iexplore.exe	28
PID 1636 wrote to memory of 2364	1636	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\18baa60d19f3d9c8727941c054fbd946.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c44cbd1b61b974ef0f47ab8e2922ca6e

SHA1
42b3da4c206026074ae8e06af9d72102becb798d

SHA256
96c096cf3d7600698ca51e8396f10c4ffabcaa785553372a493216f30f1af258

SHA512
082e9e1b3fb7f551b3980f0fcf2973be4b878f04ff14ec963d105b8ad60523d32bc033cf39f4b71719061306684622483c4da3ece4f1da8cf3424f42a2a14eda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
480a817c633774c0b93a8639f1114f22

SHA1
313970150102ac9fc3cbb57127cf51690b35111d

SHA256
fe04352e7220bb719f27969bf01773c0705fca20c2b3be3a4317d7353b40e211

SHA512
314674d17c726c9beab492dc0f77c735cb58d8db77a0af0ea49ed030aced99d6ff967d88df1588039882bd5d6244f3913739ebd037f08e2098b0cd36547ed11d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4088f9a118486b90f57312962f6aa21

SHA1
25d5edef36fdf9fd23652e1291a44f7477f3e23f

SHA256
9304aeb1915fe406a24bfdb2f1f100eb4fc0a06c5c17b2d7f3ec53660ee78ab1

SHA512
12609401988cabafd5a47558d1e9bbf5db7852c0b9088e7e8940cac7058494c05f959b0307ffcdbdf03e21879e029f4ba1fe189194602c24692d06ff5f2fced7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7134d9a4ce692335cc223c286b221225

SHA1
366ce56d2367a17bfa363f4da65136b9bf864b8c

SHA256
3857f0bfb4c6f73a7cccc932455607b1b466d67bee767e170671e9615c5e2174

SHA512
85c9cd059edf6b110d51cce7fb85f7cf1ff64b9e83a5fe24c8529cfb401c8ee0876a9813fd9978edfef02c49ca0784a60e801dc4dc81984d5f5f3b0a7b90cd76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da4f3c4bb3383d38c25b5d87af4cd9c8

SHA1
688fd96e6f2edd9155c8cd0e22b6454e9fcac6ee

SHA256
ff6fca86106b16bae57e83d36b601f20902463ce949ad916d7e78980437cebed

SHA512
c3d5f049fec1a35fd3c21ec1fd8d6cfa76a0e4b93577bedfb311edb8d9c29855279cc249b694f15c6792184a338d97abd804806c271a4e10fcfdcd8ebb4558b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46f06c4177d96d248b28d254036646f4

SHA1
679a0102c7305f774a13be1cb97749e20af1bf2c

SHA256
9bd3e5bab2e1261f72260f8e81e8d7d720d0ab323198778eddcd1aeb426b3f9d

SHA512
9e3d7e5c8c8bee5bc672d3457b16da2baac5a54263fc0989d878d922a45c943d068f8b34b4eafab1565688c0b2d677493fdc64217ac8ee1dc091d4dfe7ea159b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
685a74e2f7afbe35582c78baa8801ef1

SHA1
ad0e325cb4ff3e152ad8a7506ca717d5505b60da

SHA256
374e0ce85020c4239bd267bf0c0a04936e0cddc00b0706f9b52d3894eef3eaee

SHA512
6af1deed5a34479ae2aae8fa2a63d2afde3df9fc1d018d0e9dd8051dd2e0efc9c1f00a73450e5e828d56e46aae3e3e748376a92a27bfee0726cdf030dd344e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c4a61efe6163f13862f83ee49cdb24a

SHA1
1b6bedcc1f038b907619d8ca187f1c36a31aae22

SHA256
e910584fa352ac80c1ad6c37cc4945a349795e1479949e0848f0b33ef87668d3

SHA512
3340c529045be7f285a9785e9f0111b31f6905b6c96cee8598f33b21cae55a366134f4afed8c2128cdb15987a15ee882fbcb9cfaa09cd937b0070fd9dee25390

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fa6527883094668e9e8a5692a193b97

SHA1
e1363a2ced126331719e3f8db3fd9cfc28690b14

SHA256
9c476dce217419ac726688e1d81fea5682170619092b7f0e1f09386aca5a9324

SHA512
0667d84454e0eefd1d8b32895c8df59d172344a8ab0b5d62ab6b0e78036114e27a66ae3ea220ea745b778d491bb377e0e8c5947db756f1d78c8468ca06d35252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c57d12b147af457d05f7f4e94b38d68c

SHA1
04e64ea522360c031e1b9899f41f28d3d6e6c1d2

SHA256
64419c6da74240bc2afd5b0ee621879648e442c5f03740d6d163b5858922b7fd

SHA512
7feb645a8d067c98bd5d51484aba353d2a5c10fd689e3c832cc42a233b8e031b814144bec5432a3e367071ed1eead335f7ddc2a8d9e7d22edcc20ab143da83ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23242992d27f8dcfc66094956ddf486d

SHA1
286c50e29f132b250f3beba4867af70a26443bd1

SHA256
d244e49f91ce35cd3bf493296242433b9e8f77902e80dc6a2f4d5f17d8f0fdea

SHA512
1cd4348b359f18d3d9f256d226d6158dda4adcca674a551c7c9f680c5bc5d29155caa8ac610d198252730d81b5d183d86cd96b23b1f2740e821133646048f9bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bdd7062012024a258b9915de900977f

SHA1
f4fc31c8c0f62abcb4de88fdc15bb003ca4a1b7a

SHA256
3e1e4f475597f5fbb94953e9d703f19caf2102dc2c338a23b256c7492b6cc60b

SHA512
90d4ec837788394c0cc043a150ff4acf1ac5f06930ecdae8261a023312e26d7dc8476b384ac8608fe3a75bd8d158f5001ee6d7b6b89a49a401737e229dd99ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
742454059cae4b4c30203ede9487fe86

SHA1
0474e0b0819e646da3d7e742685d2446757d6a4d

SHA256
3bb4ada55ad93f39b9f81b9fffa184208b4bfab34af9200f6a19f23bd4a435ab

SHA512
91dd8bce3360a9c8e59f9bd3fb456192a0c9cf9a28d27fd6c26b049105cd12f38f36dcd1714b97fb8c88736cf00add025a2048f64eaa5da4f231a3269b076af3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23b7705f5d81af37b2a97d6e5803d0c4

SHA1
38402ab53c5dc2e79749a6b1e7e7a6a2cbfa5eaa

SHA256
49c7419c20216135f16740fcf9dd2bfb7637218261792cd7149ca2180a552033

SHA512
63e49f2f9c3509afcf6fabd8f985d4d21a3b39c4e47f39d5f59d89948fe8d7e5c653e41740212735f717acec62d7fd3c8e4200a770df6af739e9f636ebd0823e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c31ae5c0325ce1a25f4f3a8068f0cba

SHA1
afb680043640b654fdcf5ebc1029383e2f60ee12

SHA256
bc239e638ddb530bdee6b7c89fbb5075a825a1c206469b4b0215b3d538849c1f

SHA512
2e763140684b4e4947bfe1d5502fee32f5f773ce4cc2438a941ef9d644912421d668acd55beaa81710191290742ed6e226c1b8cf14fd1d6aad85bd7710bbe273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a59a898655dfd00d8365a1126f7b43ce

SHA1
ec707d1a4f4d56a83dcc3c9de99e4799f7f2892e

SHA256
51a43e56d66c7997abcb493b9640f9df7354c8bc94d2761c6dd0a8b6fa04ab1a

SHA512
14a3ea4b637b99ee87de430ca3c6d2b27f35a0cc887daf0624afa8dcc19f1d977879c32223020666e7969d9d1b5bddaaba172bb7f910f03ec345d1018b6e0816

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98a52aefab22549c3f43c66c44fe0744

SHA1
9102238924456ad8dba75ceefc1779c0c94a3585

SHA256
d5d3d74c69a236442fd651b0e108e3cecfc0b3cce59273c95862a877db2c879a

SHA512
d05d10c08b0eef61ea41d2e276e6c8b270fec32afc0d2c97d6aa2e1a16af4e2c45aa9eb6df9cb549fb1ee666612163a8ba38d5e48dd17a51abd6f55fc68a6874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4897.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar48E8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit