26e94420c651353cf13550b66af6778617961b2613699c3e720c416d6d82bc8b

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22e3cdc80784c26c0c6067ea93a9ce18.html
Size

3.5MB
MD5

22e3cdc80784c26c0c6067ea93a9ce18
SHA1

1e8c2eb408152a554af3ea79e9365c6b630b2284
SHA256

26e94420c651353cf13550b66af6778617961b2613699c3e720c416d6d82bc8b
SHA512

84d806a637e9d2bd721c09396e2060dd37fed32248668627c38cbc9bc7132d3a1d72ab63b3167874efce8281e94b1eab155c2634e45727fe75d7c00514108533
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfi:ovpjte4tT6Ni

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{455E2E21-A3BB-11EE-AA86-EE9A2FAC8CC3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1928	iexplore.exe
1928	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2652	1928	iexplore.exe	18
PID 1928 wrote to memory of 2652	1928	iexplore.exe	18
PID 1928 wrote to memory of 2652	1928	iexplore.exe	18
PID 1928 wrote to memory of 2652	1928	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\22e3cdc80784c26c0c6067ea93a9ce18.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
  2⤵
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4230ec248f1b077eb98d8b49bdda07f3

SHA1
a5e7e7c26d57f43189505037692c5ecd7e4f3e33

SHA256
2f8e86d4f108ab9767e2a0a1a6dba5a916f7ddc45a652099c481002894b897e7

SHA512
ed83644f4b91cd4c35d47fd4f458cb9d614248af25e4914b56f1c25d9470255ffacb13ef79f96b99e7ac1704949a60e9d4200395b29f7fb0a5604777d97306fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6513ed9d078214dbd60a13cf17eac0d

SHA1
3a0b9c899b74e6de4ac681c98ed5a08f960d4c4d

SHA256
e09b5ba939cadaf078ae21ca06f55c5ab6f69ab82c38c5c889de4d6deba90a28

SHA512
a12e6f7a5a32aa7d00e63cefadd96566a7c52ba4773e4e6c00eedf34608e861ec5bd4b2b064ed80800bd2edd59664857292adfa78ae6b821d8a6e44d3b655298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a29b66da4030cadb34c105cdb7f0f23

SHA1
80b4f08cfd33a3c14dd7d9d959f38ca1389f971c

SHA256
a391bb80a48a7ec8a8c70435cf3392f7999d89d366a40880df76ff3af27d6477

SHA512
74da680d28d639dd24b8bdcf02cd580ced37492b0d7fd8ca002e29cb24daef01468f14c4cae9f2a5ceddaef17f2c00b8fb0d24991ca2123a5c88504474afd678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdcce82b63a6ffbf4b45f277863affff

SHA1
165e494549de12c46ecc3dbd0a02dffab746ecf4

SHA256
af7c7216276e6858a49418b041e1dbea2fa62f4ca825207577afdb78b3d5b1c0

SHA512
dc0b1d591be891e7062893271e2d944e1ae7e6d7f891f827d6a627540c1b2589ba505292ce3d559bdd9ecee0936d4fed641246349a50ead6c9801e25110cf39b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf89eefca2598ca25549a28e6c1cd06f

SHA1
d224548fed7e1451901dbc0b6119b970b1b9a125

SHA256
0a0abd250659c114f2b021930381b6ee245d507acb941ec785ba522372f5f8e2

SHA512
02680973ee2a8f5f5f0354d93613307f8d1bd9b3d7efee87725e6dfb2cf6571fb0f21ba7907023252bb3ff1b03046a83140f4fe33c5d6c89f4b04629b71661fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dc00f1a7d74d74225514c203eb9e382

SHA1
858d9e22825cf87ad490d3f5569b9accc6b6adfc

SHA256
d5152ed112a42377139c4abfc77216bd74d05a81a20f8fbca37a3a693205096c

SHA512
0464dcf7423c3cffe7eae694e815c9b820f426807f533db1a9552e4f2b5d0d1815df76d86fd33b4d54eaf072e8fc1c8aba4773770fdd6ae50923fe3cea2e6cb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c089091055f44a5f5c2c363f9078d65

SHA1
22c931a4687da347bb1177eef3d4a652568c54de

SHA256
93c6b7371baed75b73d3d1b321736c211a04985661e0ae0f41fd9b6834ec06c3

SHA512
6cfbb0870bdcc6381e034118f4555f672707f33f3b3195137792681cedccd3d654ec2c4e625930b8b1e240966053e93250124b269a60592f145def36f1a209fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
498a072a5ea51fc67c0c0b924f9fe1a1

SHA1
476dea6d1f77eca2ba4b6f80983c0316db3f14c5

SHA256
a08fb75f3528c33d1202f5f3a24f97ee982a030e9efb208767c42d76cf7760d6

SHA512
f96882abe6a5f6c582b2d6ebba42a09b2008c1151ed095a37bc7d576f2ac8f09aaa1417d5e611d4f1537acd48d08c52029b3ca9e953d2f4932315beee62220c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32681d25274f56ce10970965c4666cc5

SHA1
c65ec7d7733166d57c901aa673a2ef926d59e95e

SHA256
eb64b616891cf09880842892c8fe56e83bd1ffca48d821e91047e632cbb49133

SHA512
5af644b06663cb25651ddfa74b0dd59274704160beae28a861598b42f62e90dd51d656a8dbafbe984df5126c895f39462ae0b894ccab931d48aacfb679bd3c83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5841a4ca63a436fe053549bd5a32b6d

SHA1
6ad0c7ac96dc97a2e337d494cd1cf333dc53d900

SHA256
5a9a18335c98980c8ae3dbd6b20e6edd64814fbff74394978fbc50e208f71fe3

SHA512
c1864459ba81f963f3002ad057fa14afb2b0bfe4eb79b4e4a234c90af2dfc1d66991bcc9e1a9d865592aa56318f0034df9d82ca90220f345dcb4571df03d392f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
004a28169661321aa974b83f174c62a8

SHA1
e4f35ce79543055a75c5f15bb70abe06f526662c

SHA256
4eac65c6bd16da8be7049ba1ba4e5aecf3d055e01480b867edb4ef94e7703d38

SHA512
6f1dc7a106e456f6c914f6e2a4a277dd75c4a5e71a63f8c0ca443ee92c8ff836ee9c65f6d07194b6ae5a254b886c34e9d850f4b8e0c11ee2db732bf8ee2f5a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19c33e7c16e7d805151b495d9ec05429

SHA1
aa2c4ff2b9691c1bb508b3dd4e91c9b3318bd9ec

SHA256
f421b6a56eb236ce479b53a13df9b2a2152c7f69b03cbcdd1a46feb55113796a

SHA512
4cb10e386d660ad6ce99b32e3e0457c0f20c38469469a3383537f9443d29b58bea580ea4a9701ac86335c3cec839a2921433b2b39c7e974de55a749baee75a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar264B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit