eb0309bf2014cc0d3009e893599cebc5282e6ae93e3533395acff026bae9f41c

Analysis

max time kernel
141s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20ae84d9bec3c2d9a1031fe03665e70c.html
Size

4KB
MD5

20ae84d9bec3c2d9a1031fe03665e70c
SHA1

1787fd33f57d0cbb823bd3fb9f7a248fef00db53
SHA256

eb0309bf2014cc0d3009e893599cebc5282e6ae93e3533395acff026bae9f41c
SHA512

d2ecb83629c03d8ac3840e79729de8ed7213511a990e2c92e66638e79a285f6c3a0d9e61e393e02c1b70b39430c4481afbb940963a5b5a284b246e6f041a44c8
SSDEEP

96:wPE1IJ/uW1Tun27mKvXG/ytfF0ceNhgdTAll/W0z:6D/L1Tun27mKvWsfU0Tul/W0z

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ecc4d97139da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000e2696958ea453612611429b9644845b9eca106e219ce0a144505bbf70237d5e2000000000e8000000002000020000000f6e2631349220a70eeef6685e84cd2dafe7bec20eef935b2a0593bf328976b3d90000000a6101fc1622898167e1dec1d6e56093337d7245286f7d286dafb1052d29cbc47287a7f26aadc43a11776623805a48ba0a8e77ebb3033361f2c9af5457fb4fecd5a62b89c1088a5549e42252477cc2c5aadd2ee9e2be382005c3c3e5b6079889b0357ea4d2613d82206c87467fbcf07fa2d0ab5485bddb9c4e0dede23b319dc58a51b3f09d116f059566ac623bf21424740000000d260860a471ebcd62c2a61e22ecdbae5843669d24bf450bb103f78a16c633d2c4b3e00ebba7c26f23aa4cd0ac8fdcd886d03a9284c17c0f038a778a2d29b3978	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa000000000200000000001066000000010000200000002afbaf9673c474fe1d51fb4713527a398df20f8ecfcbe5e1b449424f922ff392000000000e8000000002000020000000f4eb4208986584472852b839693bf5882be786144999b964e695a521b090f11c20000000e7984c180ef15055d35ec88608a46d73378cd8ddfcc91b3fa2f8d0b8b04b31e0400000001777fda7b234c81f0993b770aa2b43ec921b91d33c7b2c955dd4353e5b3b404969a9bf4dc27655a17771e8359ab3148dc1917cdf41f7ca8e12191914abb52fe1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EBBF1FE1-A564-11EE-A7E3-F2B23B8A8DD7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409918205"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1628	iexplore.exe
1628	iexplore.exe
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2860	1628	iexplore.exe	28
PID 1628 wrote to memory of 2860	1628	iexplore.exe	28
PID 1628 wrote to memory of 2860	1628	iexplore.exe	28
PID 1628 wrote to memory of 2860	1628	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20ae84d9bec3c2d9a1031fe03665e70c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e3005326bbddec128bf63ecf78c0e76

SHA1
0e5017b609602328a23a7e1d175e4a63daa98555

SHA256
d734f0bdff0a81a4f9663365e4fd490c3ea7394f2c3eeb80a83332900e2006f5

SHA512
5e3a1e0f4ff81c89a3605e008bce73739b803e89973009d85c55bb87bc1bf3ea50fe4effd57c8a4b1474f77bb2195245efc9be29b1547bfc1b9055977ebcae5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2ed7f5528f193a8b3ad85899842ee16

SHA1
38aa5947dfc3fcb82ae440b35188b9c44a88a316

SHA256
f63a0b5f3f47eb64674656770a3118a8e2f265b4a870b59ef15befbecbffd066

SHA512
326065ada528c1d60e3954993af7864ce76c81edb615cbfdf1810b99f92aef3fb28500ed11a808509720fcfca6d64c9c52bede675407799a383c5f74f9dcbc6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5af00476c87076787afb135c816281dc

SHA1
0bc93e1b7e3de84d3a5a21b970ecca3c8310e946

SHA256
2f25213122b9fa307facde1c3651ac28db292c78d32b87424cfaf0a9d2af7ba8

SHA512
ea3734386f4648550178274d82204848c2c352537fa52a310a67f5377a6d91b8d373dc414e895489382cd0c71320af5872f15fdf2eb1c14bc5e46f672640c1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ec1416a80add6af9609aa05942e0183

SHA1
e8d1903cb3c107aad8655ea32454cca7bb70be37

SHA256
3b2e9f09b116b23a3ae80172abdd718a32da92cf31842bbb63ce60289882c764

SHA512
752595f19746e794a0ca3e5bab40c87a5a12d4f6034e3c33bb921af563fad27c07de7f35529e43e41be56a8f6906f8cd0ba90b5e812333dda73b28293c18c53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9455aae40c9b48c1a9d36a14168b1de7

SHA1
38d4db5fc9b03b7b19c4a8c8bb18aa06ed834340

SHA256
e50d3569f4444d7dc25199e1ef64330566c9ee9a1c4892ddbac1a830b34c71ca

SHA512
982371c6a5c5837fd3cee9cd27761b4de6bef5702263cce06d5d06b4b48482b6898a41bc4a87b8bea83a06f6d41be2cca54b5bbeaee9b61f69b40441730cb467

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdf473a8f2689a4cd1894749817ed60e

SHA1
52e6be0df6b0208e0c36ee72a3285f06a4e1da06

SHA256
5900617d1f2fdf1f1488829ce66186c1c6b3fb0449a3c95fd600051820fe0666

SHA512
eeeb62c638ed9535aa951f797ac7af7a8add9cd5967c76c93922af69778a8b57364aa029b252f7e597e8d2ae7312fd764771021fe3800982ebcb45e0bfa4e49f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12f7f593a4b353897b4431f8abcd1160

SHA1
9827c5c694962b99a640e2460ad560709c5a5de0

SHA256
6246d1a7bd25262b3f7fd178998b4a869120bced9bf6bca443370d5adfcc65c7

SHA512
33bcc1e1b5b50fa569fbe7e85f1b4e038f808e4ddbd2c272b502d57abd271e5c3b9be4107dc1cac74446f85dc05de3397f4e13f17fdb44fdcf07f71117e56f38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1021d3467ee51074a6b1c9c77b5248fe

SHA1
fbe0c86bbf43b9de61aadcbe51588db92ba506d6

SHA256
4e9768bb5f5d1a26738503bba89ecca16afcddbe8cbce4e8dfc84169699b4135

SHA512
30ed203e9c785703dce6b50044ba8be3dc8257e76136b34b5a91187cfef7862954d7e78788e428a15ccd54448e7c8d77de2d42c929a2e7db7fc7799570d1ff03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f4916688a92a105480a4d9ee123f255

SHA1
1a58761fdd580a4cb9c33fd0fe2a7329d5a3eeae

SHA256
27755c5c29e88737116e570279e7468faf38965a3a1c573cfb1731c35f25c1d4

SHA512
645474a8ad02fe6cf757debfcace7977c6dba4bc8f43a07ac097756b34b2917c9eb6c4bf267cb57abaef586e534424895de57da98582955c990eacff5a1a5ce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad1cc387a308068be9abb884c81d620d

SHA1
9484134dc527f870c1edd7dfc82641bf51cce21a

SHA256
716bba3fd752af9efe9950d9e7e6c36da44277c561b55582b902e0df35e04a3c

SHA512
445297562d3f287bfec18da5dea94121a149f11532792e657cb2b68a48be7ba9396fd14852d74c30bf7daf320502e01170725fd8f740fe3bebb64547f05e80cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
555a7c5ff189e46fcb48ffe900a16373

SHA1
66551ef9b866947369300a8593b42686f7d8f1ea

SHA256
60d66863b0371c21b8073a57e0015069cdbdeb6a3bcee4a8c6f3f7df3ae2a54d

SHA512
9427be967b4090631c13f49c6f877747b5bd3e3fbed28fa963d2fb659a67c215fcfde0bf556878ee62bdae9e9e01f42232ee78d4cc4cb4bbd51cbbcc05035a68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a2c95c1b89183167e7a7f7e628daaaa

SHA1
e48f2e522ececee8664b69e502062ac1c5733d5f

SHA256
f74a1bc220f4fb94757a1d4482e201eca0abd81f0cdde0de422835de4366e7e1

SHA512
960fde9b06e9fc80ddb0c7e7379505f01e5c09c102855ef3e928b9cf6a5c50b5b934f62d006223893e24561b7b56a7601a932b120c73f51ebc0c36fbc8863502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebbf18361beba4c0c87308ef0679d180

SHA1
d495b363c6e1949a56b00d15c79ae5df7b74a7bd

SHA256
4763278b53ce4df1d5c2367081d7a97e53275c45bfd4b6ee067a2f871d56974f

SHA512
ccac754f6ccbbae4807422006e296a0600338df2a44337a1ab3e2424ab8882ed15313b70db8bf3508a80f45e26ab42d192d62cc583286231c190a59fbd48043f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
981ecdd6634e0582b849d83d406a7d55

SHA1
35f127e1f80f1caa6a7dbd61a7524b8780a29be4

SHA256
fc4dc27842a3f57176dd054fe8988bd64fab27c29efbc0b3d9ca2b7983eee061

SHA512
7e3f6afe49126ca1627c91dea4b8555280d179e567d0eac6e8a19ba2ee63a42137dcee6a4ac0431ead59f213a8a5ec0e193f8571038e909a14b49c539d35fd5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98f4bf1c67430a1f24caa30dcfc2a17d

SHA1
dd40c0e4e244089e9a4dd1c58e7c89e6b7d206de

SHA256
47c96a2bc644f12e4cc37b5cb87755353aee4180ffb889af35a4c3c2cb5ce5ad

SHA512
c0d305589f39f2947932fec1747c44a561d0236e2c943379010467810278e1f0498aabf407513dbb439b966217802a9edb58f6279f342805d0c4d7e11ffc95fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D52.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D54.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit