d9c720ba3c7a947391cae629a998bab483d6d58b86a74c3ba34548fd76badad0

Analysis

max time kernel
177s
max time network
222s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26c001790114e4cd517f0cd8d096e810.html
Size

57KB
MD5

26c001790114e4cd517f0cd8d096e810
SHA1

c2f5620e38a1e740f99b6217f197b42cf34eb767
SHA256

d9c720ba3c7a947391cae629a998bab483d6d58b86a74c3ba34548fd76badad0
SHA512

0ed009e7626c2372b473dfa5553871c029d691f0d7ecf925b86da7f6799a3e1b14e2f43410f5a790ac8f522aebc669f5ee6fc3bd84e50a5be628988b87409e67
SSDEEP

1536:A5NVWDzZQC5r47nS7j6D/9eDFI9ZQI2d8c+xVQ3Pwf:AzVWDzZr6V7xxVmYf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93E1BCF1-A59C-11EE-8097-6E3D54FB2439} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409942127"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2152	1916	iexplore.exe	30
PID 1916 wrote to memory of 2152	1916	iexplore.exe	30
PID 1916 wrote to memory of 2152	1916	iexplore.exe	30
PID 1916 wrote to memory of 2152	1916	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26c001790114e4cd517f0cd8d096e810.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc41247e00e60e81e608b7e9fca9a297

SHA1
edb4b93c20e80ba235ffb1ee02becf16c2a29842

SHA256
a8cea67682515d384ed5de1902842466a91189eaefbb52fbd60a10fe8d111d95

SHA512
93dd0a3f6aeded8ab95e2709450fa92a78e30bcb1d2f2ad3a1b227174140490275e50591bbc9b6f8e8fe5ad66e6e07b5a60cde88a077360c65ca4844b0e22ddf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed5669f78458aeeeb095ae85893fbc6e

SHA1
f2f235d3550cc1e38fb085ae18ff6abf2e0be249

SHA256
da01dd1b3ff73b2c9f470b4cea0d07ada3fa0b0d17d180ba3474fa85771791a6

SHA512
cf4b206a28743989e2a191d205e6e801614fe2313f9b16334d6ecefa02fe73d195e5fd4600189eea3df60c76979b656ea95f2db5e945fcf70975e04b67fe1ee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54bbf55aa41805f328623c1b832cfd24

SHA1
5cf1a594db6cafe93b5adde4ce250f7f0655f33d

SHA256
ac645822fcb46f5220501e3e6f31dbf7543d534f59310bc85ff5acd32b604b61

SHA512
4457cced16a018c0f046bf94bb50d598c728383adc909341bcb78c92f5d66909d119198f4aaffbfa11017cd1240a09e3b2195e4c473f640937fd8026ff5447b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00d76f66141a62f9afa08d9f6df33ba3

SHA1
78c115e700da96a57879301c8b4db073896c5a02

SHA256
4a23feaa5eb49b5d33ff94199b3626bd359920341b32f8324c12d679cfa78e17

SHA512
581f0464ae91719741278fab12cd99ef017064d0b51dd07e205e38497733779ee82b6248cc68baebaef76bfac74a545ebd2e68d66c8c9b06ef6d10007efaef70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e1cbaeb34abea30137325ae39337328

SHA1
c49f6c52367bd04bb2ad0d982ef915f013d3900e

SHA256
c37ba2b4de0523514faf925003056d59c66545ca45906f6af89faf4dfe1acd39

SHA512
0bf615561eedc967b7c367eb2bb4565b9801b51ba680ec929ab6254f5416f94c12cd6602108b101c89e4ffb8b08cad0f6a95929e7fa3ad6888a95a6033e17ee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2902a2b7861f6328f7258067819342a3

SHA1
f841c8bf5c934ee30f8aa5e20625795e2aa21652

SHA256
bad62000af45e19acb4b1fbae70a669c9f6e907bcce28388d1e14a94fee9a893

SHA512
7f964362cc5adcfd40d06923db8b379e7b406f4618b8cd24dd56688484eb04c09659517ecc3075053da4899294963e723ad64daccb0d50f637142c192e071c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51f3ef763476a54c79e964cd27c68266

SHA1
4eb40003c1441410c3fa2f24052483379c4f0267

SHA256
9e4feaf3a87323013893eb76b8febef79efb47d4804e47e71189a517d7687a69

SHA512
9fd76d6d4928a8bae6f62c0b61e79efbed80a17a4304084bc7333fed71e3812735bb97d60f347cd79d4a1dccc9277abe34255aa3ce802b39fab7b1c0c3a03d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09be45311daa2ce61f38e125bd55c7d9

SHA1
1cd446193a62862188c9db1e4846d67dbfc345f6

SHA256
89e33a9a4838dbac6d406971f7d64e7e447c995e05174659a5b3c897ed2495e0

SHA512
a4c817fb12bedccc469e2bf7d8efa9b38dd2528f6bdeca7029271b353801e2dfef47b86aacf896a0c443472510f77cce60cf3f6578495884a217870378396e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8a25998d1deb97b57b0c9c4a00ca929

SHA1
b1632158611f710a6ce5ec4daec8bd26b013a298

SHA256
e265ddc05687181a8dd7d49de1e048a1ea0e47d8d7c6d1addb919c2038c7735d

SHA512
2effe7a70fdbddd9dd4c7e2eacefbe1b47ccd27ce3964a7b6e54160ccea83f6e0d593dc77e07b3fa51a47d68301358eee05f01aa8facb5cfc766f80bb7d27761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41dbffe6ab215fcddb47178cba3064b2

SHA1
0bdca5f357d9f057ad6396af22e5f847821f8f32

SHA256
f0151c4b0bb732f3c66c8f96bdb10c77767bf8200b1abceabbbc7221944a09a3

SHA512
1d5b2e2bb7c14af8bd08cce20a95c2105350f0d0105e16051b6c85c14c611b9378468f57df1dcd355264ba8b9fa3350edc215dd15aa561145177852a0bc02339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
626eb77cfbc212b0a795fc4fe90ecfa8

SHA1
c3e29ef91821d63e74997473b48756a3fe0c1d31

SHA256
04e502ec3ae281b60f36166d89f4985e18ae160caae255ef6a6a01980ce4b1e0

SHA512
91c6087675b8dbc2436ff76639ff15ea75d7c28bb877e4260b973ed52a2a59d643b93160e833aaacd160d37f904630ca3eeb4729959488f9b2a7042e056f4662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ba098e1e921c7264a88834c3cce39c1

SHA1
10f3e35b0abc24bce85323349beb64d5338dd9e3

SHA256
dc682cde5ce9ca62ca253c58dc36c663f88aa167c8a937d59b26dc2c404d82a2

SHA512
dca3bc7adf1461517f210a9686a67e5857cad8547e7fb37b6220f184dd8a42f4d5838a1d3690d22f7f92dd541d0261a7dd7a505c4fdde46805adb2b31b53e0b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5c0799b7b8eed59dfa48f5726eacde3

SHA1
b71aca2bdaf88148fbe534dd21b3ae21869bb131

SHA256
a0ae14e7f22edcca840f723b629fb208dc7a4de02d27c56f53919a6b2838e191

SHA512
b864e5c50b53dc5f308280a56dc848c1c9dcdf788083d9ffd0c636d684edae6d5735f21dd301b4c7eb9dafc07d706760d62b71ef26226cc18f1d034d5e637822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8362e9caac8334e3c6ab3a8798151a97

SHA1
7727634593cd420fd11d0191ebeb919575b3d3ad

SHA256
10043ed83b8955b3923553a529d502d8f15655194a004bf745ab5c4e57c32117

SHA512
64d381bb63b0201a047df3340e6b44058854206d6e8a58a0fa95616cbf4573325752c5f13ad1f04d84b16b0748eab86dc2a420fd38cf51d394a687cb3c7eb7f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72a516fe1ebf8e6509e9c9a52b6be96b

SHA1
ec239ce67206ae055b5d3dfa2325a6030d59fe54

SHA256
71bac9eff81dc28371d312b1510fec815f9dacf32c3f172d176d1448ff942b5b

SHA512
ea3a807996a72fa2460ccc45a28bc6b4d703f833aef0e4c4ab309736645b89723917d485942b8116f3e04b836b46c32cb3afa52a869f5766ca7f0a37690fb834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c81f0eccfcf17497adf1fd182432240a

SHA1
c2ee47e7f206adf20013f8a4ff4ed60abefe110a

SHA256
0d2c3ef33898bdca4144b31806e15a8de754596097780a52351a1933c07178a5

SHA512
246ba6ccd854e37bfc3be67a21df176afa2a908a3b513f953eb50f95526cfd1977219392faae0918a905e7692cf6da51531a3b2f5d4c4557b66ba54ff134183b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31e294f40981527cebf8bb9048050da9

SHA1
c5814c79315ed22f43b772ea09311516f9dd95eb

SHA256
082bb9c755a6c56f27efe183888b1977ace4e02ccc382f0f12e7ac6d4d547a6b

SHA512
23840892050b97e63c89818a31df6aaad3a9685d8882741b4740744c7616ed82fa41c663a553d82cb603a069767decfccc1d29afb1d1bfd3bd98c4daab75037a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b29c860b4864ebac3b3dd4f1c870479

SHA1
ca963dde48396a5b5ca992e0e5dcd511a1b02594

SHA256
03bd2d2828ee9cfecb3adb792b2fb861efe1cdc999d0b93f2ad3dda860db52f1

SHA512
3b32d1f162fbef3bc5c6c6c46f11a37d8bc42aad5e9d551b565aecf02fa7222de24ecd105df816b6d414840afe35a811d3842e6095407214fb3455fa5a92ff40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7adb59e9b3897781923c7ce5b3a2dfce

SHA1
3019c9428e4833a33a7790691b2f88c6bd216db4

SHA256
49670c3dfe6ec09883e1a222bdeffa75c9252734f620931502260c6b8caca299

SHA512
285ba6ad9b433a5fd64067bfaf31245858ab9332c59f0ae8be19045d4afa679c45885fd7d789518b00ef3956de1dfdbdc764510e79456cc4f6970d186fc2b37f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTTGCPI6\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6MCRSFJ\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab790B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar790C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit