93f0adeece77bbbe6da0d34213e9dd45e8ecc39dd3a090114d3b8015027ee5c2

Analysis

max time kernel
28s
max time network
169s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22e7e0422f5417e879384396f7b5a4db.html
Size

3.5MB
MD5

22e7e0422f5417e879384396f7b5a4db
SHA1

ce6458d80784d44ecfafa100bdef3ddc954c7b4d
SHA256

93f0adeece77bbbe6da0d34213e9dd45e8ecc39dd3a090114d3b8015027ee5c2
SHA512

7ee590b3d34ba603d18e400838926bb7340d687f7e09e96a873319c5c7906dd1c2c9e8062c96685c4ce02841f2d82a8e5ca6739fc3e8142fa2821f5b0919d918
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Na+:jvpjte4tT6w+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E73B5561-A578-11EE-994C-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1420	iexplore.exe
1420	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2728	1420	iexplore.exe	28
PID 1420 wrote to memory of 2728	1420	iexplore.exe	28
PID 1420 wrote to memory of 2728	1420	iexplore.exe	28
PID 1420 wrote to memory of 2728	1420	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\22e7e0422f5417e879384396f7b5a4db.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2
  2⤵
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6858f98ddb2fba3194dea0fc28bee5b5

SHA1
a718dd7e7c844d3f3f05b6d64870747d8df0ed37

SHA256
f055567e308eb980e2ef18b058fe7fb17c68b21531ced284d69d0c05fb9fc0ba

SHA512
01d3e027d06b0a4aec50a52145697e31507e2f079cf6161cc6093f8633c66ad9f3fdd675c4c9fa5f190e9c590a0681ff8c5bd132d20f8128640d1debb9b718ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a481657156c982042841f7a17636623c

SHA1
8e02954369da2671ddc5683e8d3aa3fdb2b17e11

SHA256
b15286a54dcca9abbad3b8bca64187fc7b089831ecde3826c8c55f45beb481ee

SHA512
6e2af10a8f5de6c0723dff81bdbe25e90a1ea9b02acb0a44402d4f0a1deae2e2f6972a1989d8b029b37fc8498efdb4204826a4bd67e82a4e82fbb4c16a4b2cca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74b1ca9c0949567c079fa9fe83bf2f23

SHA1
9efeb4784b0941d1a7bfdee1329ef240eaaea6d9

SHA256
8c4fdb19da8908fda99b426b79d29755999c41134d8e5f78ff4021b8b8881929

SHA512
5d4b8fffb89ce9bc6feb5cb9f213f21f689cfb4f706e58a0d1bb9441378d88342dd2708c45119dfa4156360e285244a197b83f2e82a9cb90e54184b9344696a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
232fd95f226fbcf3909f230650581172

SHA1
7e87691b00b3eb35faa2acdc354b5f7f794ccc46

SHA256
b4410f2f1c38168b7042b0995e43f7a7a809603a9d383263e92e7aaf8edf1807

SHA512
e99f5f0a109144d65c1ed43c852aa9b2f799e942d20cdade4dcd4411e674a0882e6b1603c46fb3cd69f5fd742511e2d66116877bb4b1323e3e654263e35ef96d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c78b5b56acb161b6e51ad1b233023b28

SHA1
bfc2a9ee0001a64d619bc2e056bddc390379fd32

SHA256
f193a3827afcfc4838485a3a302a589d9e7ae92a3b670254aa6f9b2470fee745

SHA512
f0192511a9ad710ddca919e95271f02e0ee6002360894ca609a3de1a2b8b4454b500a0905816cfe1ae0ad9e42eb440fab4f9c77354fba19142d521a821f6f606

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdddcf20cbafd0bcbc7984bfa3e29eca

SHA1
30c966f02c9965992a42dc1e7eb6bf386a190e78

SHA256
e2465537a292efcbbfaabe53e6f0745ccc3efa5c5acd4b06cc8a03fd1f533ee9

SHA512
5bf72fb7c832db7e876dcff9d1622d72debfca87c2ad51c034db9d1782a5149bc1f0d6eda1a773a6338e456ffad37a7b1a8fe7de1197db6fe5e3a4a336295bf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c52501437f4e68ebea726e5d4258d039

SHA1
a77b35edcf36e20945daeb6df61fc47d10ff5961

SHA256
d58cbc071d7b5af367d55447ef62917b75c34608d9290838e59d5634e074c8a5

SHA512
8582fe7c12feca3d1bfd8b60b8472772adf2462b9905d6ff420a9d82c329d73512326d18ebf1e403d6e3a2f9ba8f94ac27f22ed4b943398857c61be79ce0ecc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
376d88672563928c01c0be145f07d299

SHA1
da5934a13af2c1ba798b2e7586d8c6ecd60e3f9b

SHA256
1f4d76c2e3fedde902d33afa89cf706a03b26da7c6315324d085ae959646eb05

SHA512
c5f54061936758552ec02dffd3572cca2c93eaedf218f7ea48b79aa093ef855265cac9b755bb05d9c41feacfdf8be9a0c5ae3e3dc31da6b71dd49300106059fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a77848fbbbfd6ee471998ac20ebe483e

SHA1
8e19ccdfc2b7990ebc5c321e59767b2313c89dba

SHA256
763fc1de35a925a3b6eef6b547987818974c2a762d6e766623e12f8d4ea02231

SHA512
bb53bb680abdbef686409b71bef6d71cfcd64b13d406ce97963e765d8975dc054a0ca943a735b63691622f3ebbff43af0634f1de12a270ec4fa7957a2c39c5f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42d340a91ee7116afbd1ae425553a1e4

SHA1
f88c4241e45ff38971193efb5923dd3cac30c19c

SHA256
c2073a688fe1c565daf3dc9fb49ba9d440de5a67fd6f3150935458d831cc9ea1

SHA512
6bf920ae509946bd01f41cdcb3e393c1fcc10f629bf05b6e143f57804a5a6226648a269bdb8ad597f9059868e74a00c7591c1e6d6a30f32599cf2cab9c4f0fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbbc301d5c5812704570739a5b799178

SHA1
6383732c253554b0b7e3d98fc3238e911a7cd1c8

SHA256
e8bffb0a080cd1e0accf022ded663e326f7d0db2fadeaf6859a758c168021cc7

SHA512
1c5f6cdec98459fd0633e24cb7c6ab4ddb35cd5597990208274863370ace1ee7fe6c11fe39ef53c13908326bdc0285bafb83920f75e6858b3e2fcd68e6784f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6b7206423673b84f704d66b2f3f551c

SHA1
91d7e64cdc1f38bceef24182abc99b6b080c0c7a

SHA256
afc23752615d898225f429006039d712ae6e4230cd4233674003a33e8a64ba7f

SHA512
e2b0788004e81d8abf2465c9ecd0b35bdb015a9a01e6563e56dd52adf45f49a9ce0a55e05d5957e71d78d51e96e93de5c3d341b3a5f68e7703fb1471f2d044a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c601b3adbdef15d0470b7cbc1263ba72

SHA1
17179c427c1fb0d1da1d23cc3893ae7009ea19d3

SHA256
60a0568d8fed04c9756dd40518fd3cc27282fd7bb7e032be407803621437961a

SHA512
688582f65eba652d186b5e339becb13b038f5c02418a25e0f93ec519b5d19f0d705e3e89d1bedb093ba07782454b4a1ec24a5c48c29bcb0ef7a038c48260fa43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60f93c4b823465d37c2e1261edcc605c

SHA1
9c26c48ebe260fc91daf0a68ef090a76f39f2478

SHA256
47a9c7c94698464223d388de5933d9c03ad433a9c3d8b46dd23edb7f73daaaee

SHA512
4ff65e7af4652ea11bc7208c80a9526810cf0f3922dade5d8e9816cb936fb549c434677b52bebc2c926826908086b9ad83aa6c5df6e71782bc7c7a8948b5a56f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bed9e41c3afb38745494be26cea23af2

SHA1
6972606301b10a11db1e1d166c2db93204a9d2e8

SHA256
4eb50172bf339f53e98fed7bf0660f5c3ba6c2fb700862459b7d3714102bfb10

SHA512
32537782d9e3e47d0d130d21dd7fbf321a1477f7942614c0ac06b692fb7517bc0e08ecdec78fb0e1d1ed8b72b6b4c0252a8f73b420256bac3082ebd374aea6da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45d5037cd623dcb6287c65ed741ce649

SHA1
7304057fdd3200cbd302d03d6d96990183f6932d

SHA256
14c15f66a5be54595896b5c29302649e9c3fa50aa62b088c052a5b4915675423

SHA512
9776c549c85ef26e724d2b408baffe0fa4c969e0d50f7cf4ac1b00ce556b319bd242f5c117f97370654aafb8729712dfd7f4a22050c01372d1091cb9da17764b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e082464062327b7e2fc15ca15cc6046

SHA1
6becac68e3f54d6b2111e0138dcb10ea486081ad

SHA256
e1cdca54a9b7d5420e29e7c29c477fca7a3f38d2c42d3b753b291f0555591092

SHA512
196934d756c8e97e0a7d9dec1ad99ed85b9efb9981bbde46bf23ec82c012daf6fdf871a9db0618c8d1113aa80f9ee4de2d3733ca82dd15aacc5025af4fc97eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48ac993b5b234b71b2644f5f749d25ab

SHA1
6a4f8bbb553762597ec521edcd35861232601baf

SHA256
785dae42ac108912ac8cd197c85900b7a3bf0b4a1729b448be876970444345f0

SHA512
7e32583f33592479967bea18f8b446784e6aa6fa2eddb14b0ae4c3e75389c9b1258e97609dfd069e818e3ff13f3df7751b19844c904b996932a18072c782afba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
baf18679d9d22be4893c19d00692e025

SHA1
9130e1851d8466dd3456034e4bea2c8e14ad444a

SHA256
08bdaae79ada8a6bb98f06168e3116a45bd41da90e2646cb443db3d9a80306c9

SHA512
b9c9dccb41ca0ea345827171fa19c07368db5ff0ef1ef3d6e1864e343a6f8dd73192c3be37b26f7a99bce26ab3a60c6a32a9ee9828ee033e9559ad35f447baca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bffb818ece60f5ffd3b6dbdec4537c21

SHA1
69ed96fcdd651f88c1b82884ddde8c4ab49c58d4

SHA256
bf678239dc92f00efcdd9754e8dd71913c1a399a99494dffb79404f940b161cd

SHA512
ad4a02e81841a964c4473df5c55495184fad78d338949ab24ecc88a0634fd1e69500de7e91fce8a39a8c7caa381d6a20ccb2ac4982163ea59b63682a0d18a119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620cc58e34670e3fc10793fd10d7d56c

SHA1
bf36c7a2dd7159af272b28696e314518a87809f1

SHA256
8ce34048ded1ec997e0cd13a2eb60ff2c71835a4223b8e5a5650cddac3c861e9

SHA512
5d6392b181202d5b71f5f6f0d7b6129d3e89db447d044b9ba3c9f808f4893c4dd95bfe502bdf720af77742663a9b8f78af58eb4eb487b52ed3d755974aa1e86f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fd3be8096c9b20b7eeb40335ae157c0

SHA1
d877e7e8e56874bf379411133e2d21bb99c8f795

SHA256
2041f08b9d680463aa4a7d722be4672e1a8be2614dc0f3b6f40f65a04014608d

SHA512
b65ee87672c900813dd967d65daa40b20d0d5d82fa5c5590d3f7770981965d800a67833830d6d553fb3a185141f67242a11e969d3829e3add2b2f70f19ae0a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5415cf0ad620899b090f48845c4634c2

SHA1
ecc91f7e0318921b1221d91d893b857747214739

SHA256
1ed8c9e992f646dceffd5ef4163598656572b0f3ecda063add7f1118e37b2a9b

SHA512
4c65a8ee2c2c763e9ac0ac260831bb0afa6c74d19aa6a9b7e3b5fdfb9ce0ea6135a85baf2470307db12963bab8891a034ffb995ee5f014568b141307befb1755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f59426c7c8cac5975e0b9105b419abba

SHA1
2a3e71bf5f366e15b276fb9ebcf3bf34b2ec66da

SHA256
e9f1b8cf24eacaac1fd8de5836a19a8ccef3d006567a185029f8dfbead651111

SHA512
4785177a0c5b01612e590904f5799ed94ba0fdab88aea007e55f09307bad64a40e57f3c9985d6a2b233a2dd0aad0aac0ba08ad7b66a0a79403d623966374c1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\jquery-3.1.1.min[1].js

Filesize
26KB

MD5
23af6464ed68c98647e69d69281b146b

SHA1
bd08f231f6c740c31ee221aeb98731cc5091e4ed

SHA256
240ef80dfb8f3682ab36a07dc8886dd70d898e6aac3ff2c63096a2f78462fb33

SHA512
1a29a6a820389ee805dd69c6dd2be6520007ce05412b793746bfbbdb05b183d208bf9fe74b907035b631bffbd73f8b0f6eb98bfad8bf29bb90473eafbbea111a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE90A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit