e5f252d87577a37f5a9b020b111a63b8bfb4774b03edf50b2c1497c64e41d0a0

Analysis

max time kernel
119s
max time network
159s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a4081f7056364c84d42e09fa67d823b.html
Size

7KB
MD5

1a4081f7056364c84d42e09fa67d823b
SHA1

b39e54657f48b42fc06fad904781d2082d0aab66
SHA256

e5f252d87577a37f5a9b020b111a63b8bfb4774b03edf50b2c1497c64e41d0a0
SHA512

40e8e0d5b29313c6aa00e7a2de11f0115aa313a7e6316f0c5fc8475363e4f743ac2b428d1b59058699e98f12c8bbaa0cc127a67714406d8d135fe5cc52a25920
SSDEEP

96:uzVs+ux7/zLLY1k9o84d12ef7CSTU3zf+Ch92UccEZ7ru7f:csz7/zAYS/Njb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000026b22e18bb5cb2cf8f3d60714fb674da278e4eb71e691c4c8cb9ea808265bf7f000000000e80000000020000200000005646dec53231854f621909463ac447e02f54aea6512e14497b78e26f589173fe20000000c8184369ca3536ac1913bb3e3d1ffa037f4264d8b196fe4a7e518717b72ba3fa40000000621856f3028329c8ce59fd48526d2b9f618ffa4b72bcfecf0031cd8d405bf72d793e67238eb0bd242b49581e9d06cc610cc24256b612ce1c672e3bd831933fd4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0FC6BA1-A394-11EE-91D2-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409718823"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ce1287a137da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000009fd693f2211216d4e63ce0b82ef208786b3599b7cee6ad1fb3ce7076d12b146b000000000e8000000002000020000000de504938dac1b6429b520b63e9edbafc00473178ffd4808dba73c46677871bb790000000b79a53eb6783eb55475f20357e3ac407e46c7a362fbde962dcadd4054998ad5807002465aadd3df27ad5e3afa0b9309d2e409b920a4adf22900761832498caeca1b250712e68d2f8cf707a5b249c03de4b6b6c11fc662a859dcbd593465378e772c78c48280fab723006426ed6a282236e8d126d1d4a1ffb9b78f370d73292d37b93261b97475f057e839a1e2e9050f540000000d74feaaf1f6eb6d434d987acc89ad8414c96a10d462478de6430bcf5f007d74170ee5502460e56a55c01133f78d611ef47fa8092f461a6e9e91e0b87f3148b6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2160	2188	iexplore.exe	28
PID 2188 wrote to memory of 2160	2188	iexplore.exe	28
PID 2188 wrote to memory of 2160	2188	iexplore.exe	28
PID 2188 wrote to memory of 2160	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1a4081f7056364c84d42e09fa67d823b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
042875c22d41e85ed0f89af7242374a2

SHA1
885549713c8ff8e36d374f6ee7caec4f69284b82

SHA256
595551910bf208b25544fd4c5e7214026a3283fda60e32dcb80bf6de906c8efb

SHA512
046cedd4bb18cf21f04cc12411c10eba014e54b288c608f40fe75bbb7b0f7acfae536e0c3b8ea6eba75c27d87063c6bba48798fa0c1f613b973678d0ed7ca223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c181c1595ca85fb6a1b5ecc833509bf5

SHA1
b7d7031e153374e1a2d4a9bad204645514276021

SHA256
19f08d64d9981c6bb50214d75d15dc5ee71075e59c986b209ce2571a585239ea

SHA512
d5c6d8da4a31d312a346cd6b0a3f98be31ac9a698f7a773762d0beea1dd6347e0f1b470a7701bad73895c370469cc0299219a87a1fe7eb92d253d65590044aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2380267d4dcdbe1670e1118491a4e414

SHA1
2b410c2ba082ad6703cc289c9cb382473d368787

SHA256
cdaf2c4e4d5805873002283d18bab10d5b54a792a4a461f49d09db643e36b75e

SHA512
006dc7dc6bba6c39b02c8c7ae7e6da636c6743437329d3bcc6e6ac2bfba50f2c7090d2ba6e80da738ea343979b0f84ec9ad31c926dd7b473001fe64e9a0c4884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b41d9780110a21add0b7f9936cb7a7df

SHA1
969c64da950431134b436b38cfaef7dfdb18e9cb

SHA256
b1c3091b6aa4f6080a7ebaf7bed6a3756721e3751fe15a10cbba112edde62b50

SHA512
7fa8bc4b5ad481dbc74243a21c2d1ea35450b37b811f3a4fca4a254735e99b1a518fc916b1aae792dae6bd5c795668a08024f1aaa8e52585b291b1fb25ea4b7e

Download Submit