45b5cf63f10352b0c554828ad2ec0dd08aecd256f20df4cb281956dadbcf1d67

Analysis

max time kernel
2s
max time network
163s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f2d91af2a3ced26f66a360ba3abf2f8.html
Size

70KB
MD5

1f2d91af2a3ced26f66a360ba3abf2f8
SHA1

ee8745bb277eb37d7c05bc1125f44ed623db86b4
SHA256

45b5cf63f10352b0c554828ad2ec0dd08aecd256f20df4cb281956dadbcf1d67
SHA512

c397d1bc1a5e947daf81c1246072284f8b1dc05b525a0e424f8378ddf1ebc4a9097f7f6085113e888fa103b7b121afce51112e47a1e9c0de4ac6b7c099e7cbe4
SSDEEP

1536:RRh09kHUwXcge9dVXJasNVRJmOVVFJo+y9+02:7h09MUwX2PtN8w

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{712022B1-A556-11EE-BA54-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1980	iexplore.exe
1980	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1744	1980	iexplore.exe	16
PID 1980 wrote to memory of 1744	1980	iexplore.exe	16
PID 1980 wrote to memory of 1744	1980	iexplore.exe	16
PID 1980 wrote to memory of 1744	1980	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1f2d91af2a3ced26f66a360ba3abf2f8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:275457 /prefetch:2
  2⤵
  PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efb58ce11e4995fafd34bf0123296cd4

SHA1
f6f877ef771a4c455a42499a489a845f55be5e38

SHA256
f2be921cf205cfed970fe4d5c348827047469c0affa1d567fcd9e11497b4cd02

SHA512
11133fdf41e67a2b5d4cf930bb7d8444534f1e82e8d52424145abcf335888e7de023adc22d5c8b9f91128ad4bfdadf79a69795968cf82c58b0f93a4d5b47464e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6385500d3c5258158c57fba2b138f420

SHA1
53f557a75e8e49f239b31358ae0744ff5e818a37

SHA256
9d7d1dbfddaad4b4f770ecb4bfc1823aab49f146e6fd4fd64fbf20c7f0e9e760

SHA512
13faefd0a23a2b68d93446c9c20132f1f1bc8eccf258e8f569e3904967aea56a343d3bd9359e2daee0ab01f9613164740a92c1416c33841d54eb8fdd23465dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25b32ffbd9ccb48552329427976219bc

SHA1
0019ce245e3e3b20700b2cc490f5725d4bfce56e

SHA256
ee2a38e4a5c1024536ddecbae7ef5adcdb61df17259f09fdeaf9a0dba50c01e9

SHA512
6aa9b9b672c7a82658dbe97d4920be41465127a58be54418599027c6efc3296588b4e6b8f1756c643da99fb69a4e6b79cebbb6e3fdfcf44ac4fa7ddec72f937b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fd737d34990d32c016ef8151ae48370

SHA1
d2a0dad0988ec6ace4789933b3eba93420d8f4e2

SHA256
b234243582b0516158eef15706d34c47641fc064ccfa623e7276cac866b5fc02

SHA512
b72f26d583e74bb94fa5549a7bd38a8d41b9a43be9cf83f8c5676d528b99f469cff37a2739eb11f7164323f1b1323b774852a28a1747f514c8c99b28dcd272c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e57bfac7b037107305419140a0aa9e7f

SHA1
1e2f7048f44442ea46a9d048f4bbb7914427307d

SHA256
2beddfae5db95fbf34a9057610de51ddfa5cf71b0094aa657aa1b2a68ce28466

SHA512
c720b3197dff53ed2b33461f7b0ff1bc404af16183cd7e7db31c2dd49b0a3598165dc30776984b6b0cfba8186f907791cdac8390374da4ab5b65674a0a9b6e6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
155d6b63a0ccb16e5ec3cc79a969549a

SHA1
c54a544a74b1388e75db5e70510e734ffa2a7f25

SHA256
d5ac8d0a2f58529d16f5451c4b524291fd579414aa71515d27c5f653e15bdfaa

SHA512
deaf6bcf43bae1b6a1d910a1995bccbe97cbbeb92b545798ca592fbff20e688600b4c2ba142b77f32d8269e3fde223b4f1e3eddfaacacb7bda46c311d857a5c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45da34c0cf7b45aba36fd8b9be67aac0

SHA1
8b31b9c6e9fe2078b0f9b5da20d06014a8bf5494

SHA256
4e3c5b81dfe6dfdd53e1039447b64f2c557364c2266f8410e079906613b47270

SHA512
9b1e5b6c2de15d6ca6901e4b68ab69bf65d0a2c77b8c0faae28c82f167445d12f2216ee35f18a78562da2daf9d9be605a7c0f3bc0094fc0079648e54c14abf88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8269bcd853f399d2c62f50d36ee7f33

SHA1
c1770355c33346a420d5d7ab1adc991d512fae63

SHA256
8d3c946505a61920ad0c933d471860b21b77db0009862d3d564d85104fc6a213

SHA512
c39c95236ef7479da3aa35ce483ebbda83f8494dfaa9e1523a3b8f8f55b036ec0ef4d540b4e34f01e145b17abc29bf7e07638b49cf50a7969b0841a4dd80f7c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eed7deaeee49305f0f892dd7f625ce24

SHA1
61c71adbc92089c9a6924947ed4542f836908981

SHA256
57fb5080310bec3df9cfc111a54ade082d63148dcd7bcb2f91061dc09b5cd17b

SHA512
2078247ad60805e8fdccd4e46c5cb49f58c16f624ee9dbe2b460733b60bee9ddcc38d5a3a381c85e33bc3454bc923fb791cde1cdfeb8bdbc518be40064449ec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77982238b7c6cf5fc5afd28119749845

SHA1
fa09ddd2ad7e19f6c0c0a1b557dff6acebcb99fd

SHA256
0f2a857727751139eff45056684651321fc731a48b757df9da1361aa949e7e72

SHA512
5f9595764de2c7e8cc13d93c2365bc87256185c310d84a8ba1886755fcf19cc4ffe3fb923092a80e127350d2b92f955ae3d81fc30ed61e3b3e248effd15f6d3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82d34ece5e3be967429c00dc0f6d101c

SHA1
5e0b8a5a8bd033a36452a7a1fa846bf97e47fd61

SHA256
f08b6da2a16c946dd6d338f94c932365474663b3cc41c60ac85e01712b8eb4ef

SHA512
10b11324c2fd249a0956e3affd2c09d098998dc11f01f74d068b4fc45e20c7fc1389768ad6c53dcac49dbc096e6374f6fa43e0db1bd251bbea70676051001baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f14663c0b71983cda369e84ec99f70b1

SHA1
c2e33428632aa6ae190b46ba52df9de00edec4db

SHA256
94e9f2fcb7597cf23a632587e82049a3564188f2762993f8bdbf4f1712060531

SHA512
56ddd26ae3a2b4efbaec680c8343f36e02cbe2064caa156ada5cdb1c228e4c80b707bd3a74bba09f4e3cb18321305afb452040b51c4f58e82781a3b63e635ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf669fc2d5304a5fcac698d2524489a9

SHA1
c63a8ba848bdcd4cb69c4a96f1979b1af10c8a04

SHA256
6adae24e3f65cf3031fcffed894f8575ee255ab180f854f43c5d96bf64a8799b

SHA512
fe5175f7b8b2aaa6da5e0833d39a9136f7d1885441bcee3ed213243b34f9bd070fd22d366d990ece80a4bb3dc5abd97fd357caf7ffc7b07f661d22b55f336c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec93605de4c431243a6ed9ff0b3d7d96

SHA1
9a628d5b34279b5c0b8b1b1d466e06a2c0ca38fa

SHA256
65e901960fb5e61a57c726e67e895831d510fa337bcffb56b9d342b635e1b352

SHA512
fffb93b43516cac58569c62899ee38767191b27f259604f539bcc194bb6f4e78174d7fb1fbefaa7c0019c7744bf5d5f6dc1e54224585484bc923753a397adf24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13e1fa7107e189aafd72e3ca0ce8df1e

SHA1
aad62de70c70b1a61d91ddb946d2a5e7b717997f

SHA256
89b70abec7aa446870095866fed4458f68cae6c3ddc855e5e14f493b613fea97

SHA512
03e55c1983dd7789246f5c34367b76e5436c3c18b43d8bde41953e566aec3ab267f8ef9ef78af904e5ff5e9e8c6831eb1f85419ff40840e4e028f3e12d2b22e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\l10n[1].js

Filesize
1KB

MD5
48df5574944caffdbf86fb3c8d2bfef8

SHA1
c34259f331c98be3e2cedf516e20f840cd907ea2

SHA256
f0fa81e4e8b24e29b2680e9d132585e9bc7fc1adac56c83a0a3d44eb311f5c73

SHA512
6b96de831985799f41407fd8e666bcafc3e1702f41421523415049f63f89fc4cea6b0fac09aaf7d3e619e77f8ea223479b78f01f5cb283aeddf6addbce656260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WEH2YLI\avatar[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab85C5.tmp

Filesize
43KB

MD5
180565a0e2cee65d5cb523ad6ad29d61

SHA1
1b5974abe052ef049943a2aa230e36733827c6bc

SHA256
677b09d1bde5a67eb260696174b5cc194d8e1c9609c8dfd536499fe3a546d452

SHA512
74b608eca733f1492ec28ddf8ec073af7f08afa722e65280a3bd3919799ff1b4e36c0252de0da825863a4aa7c0db10c498ed4bd1d42f571de1c5a9c28706ebd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar85C7.tmp

Filesize
59KB

MD5
d6785945a0efcea8545f11bb656ca7ed

SHA1
0457c28173b9533ad1f35417d4ba1e110873e03d

SHA256
d634b894f1450791d6fef3ad32f70ffa5560ab5dcc221315b8eacfde48be3b4f

SHA512
042d2416bc6061c932e7a41a49e3d0012a4f3dd75531913d248ccbbff1f483bc822b07efe8b7034494d2d55f71089eba74dd553ca3af46bad5f75d398b2f19a6

Download Submit