5e83d27dd86e6a8a55f29ae7fee34cec0d418ac325587463089000992fa6eab4

Analysis

max time kernel
0s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 16:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e3dd066dce6b10d11bff9a1a78a4d24.html
Size

67KB
MD5

2e3dd066dce6b10d11bff9a1a78a4d24
SHA1

8bba6788df50c1b92cdf3f6fee9a3dba1f4fab47
SHA256

5e83d27dd86e6a8a55f29ae7fee34cec0d418ac325587463089000992fa6eab4
SHA512

122a893fe500b85de446eedc82b780a9f84ac13c11cd4983f701ea7c71de5888df24fa1ae3e2293337c55c278392576bad752a57ffab9e96f1c96ca044331ae6
SSDEEP

768:SXTuStC0IjV6DK0hxfI/xXZUw2t30i/TrLfzEiEpFxvv:SXTuX6lhq/xXqw2tEi/PLf6Fxvv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48702071-A3EB-11EE-9905-C2500A176F17} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3004	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3004	iexplore.exe
3004	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2368	3004	iexplore.exe	16
PID 3004 wrote to memory of 2368	3004	iexplore.exe	16
PID 3004 wrote to memory of 2368	3004	iexplore.exe	16
PID 3004 wrote to memory of 2368	3004	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e3dd066dce6b10d11bff9a1a78a4d24.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
859d50a53a7d380e70236e843ffc3c34

SHA1
f20b37d93cf50a0b6c0d97eb38aaad9da149984a

SHA256
765a2fe9e54a30cb1f6d1de5badf018b6a6806ca3e6c33157226b947108b23c8

SHA512
957d4f80e086fc32cf899948dbc9bdb78dc2c63de2d7a3b627ff1148af352b0edc6f70dcc18d3a30517901fb72a7798ec302e8962b7b8203997fa4218570d151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
7dc3a34080991717d6c86b8c647653bf

SHA1
0379075e1e86002ffaded62ae6a218033771d609

SHA256
38c0653dad5faabf474da8013d5418f24a8ba24ed46a16803c82378a2c479226

SHA512
9559676554459479639f16409b50e603a465bfdf23f6f918800fe37cedd9fa3c8930468a52cc8f7bf9ce0136084d1854973e83f98ca1b1d6cdc134943ff04cfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a847fcd9ce802db3a87446f10cc894f

SHA1
660f802a4500e602db5b43ea31498b7d252dbf8b

SHA256
d22492776036758bed3ae786086caa5591a798bbb621328d28cc76ef6ac35f0b

SHA512
1ca60a163e4d9663cf83aee1abcefbdf9141a15f2eb13d0e46f274774c149e79e41c487791da65dbd15ee8222f7c5322a64f092a2f4dcbf314479a5f7d610fb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bf291cdffadec5f1c33c554da6c91b5

SHA1
e168018e57ec20ba084e7247f3dbbe4855d6a1e5

SHA256
019fa84cdee387f7ae606e63d2fc87296ae9f6e1c4279850b4d725f3a8db0e96

SHA512
82a861444d09dc5fcb21a35174caf2c3f25c5fb6fd74239324a462fc37a572979b756d374fd925f3082982b33136be0b586e0b165872ef53f70bf1ce1f07b18c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb3dbd9f1cf35b8c8afbc0d9c99b7a95

SHA1
ba8c4b47aa059410003e24742d33c444ba68a4f8

SHA256
0f62cc7964f9511c71f5b793cdcb14cfc74095cd5a1346f513e9c1443bb5fac7

SHA512
bda93498ff625e1e7476aaa56dafd13e8f3967f3a1400f0ed27faa1e1389f007ab4dfaae29a7c7b89935f3a16b3952a28749eba8306dbd52ef4b5413a3fa4424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
209160130500e169d20601e4d0babe59

SHA1
0238239bf5033bf5affa3663b1827f45419c4788

SHA256
7125d64ebd7cbbfb2bdb8c73b506516fee20747d95e5c50c5884e61aa8798070

SHA512
668ca34361a7591398bcfebc6269bc1f0a137c058958e36ddbf54f46b8d3cc686bf2c68f128110417224f5e0bfaa02c43995dd87c65375370d6302a0d1869b8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2331ea30b2aa08c91c55cde3a3cdabb9

SHA1
eaf4926e5ff80cd27dfee589508be0324d862c25

SHA256
f495d046daa11dbd3a10b072ab2d29e680ad860e011473ab2aacc1d08f77ac23

SHA512
ca4579bfe9347c007106f91aacab185089c0e416955972b926d2d700396479eda16f9389e32e6c25c10981bb9a2dce28b101c3242a0c7e3a8372cc9620494cf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7212e662ee14f7ff34f23b4037f3197

SHA1
07d5d301b02615093998687e05cdb4a126eb1701

SHA256
2cd290d41595cd7909e61fde3949b5b9c9d2289e537a286ffb31086b4488c142

SHA512
c4b3e0228e7d5b57be0f0896a8409bd60c1cebd7a858c9b4ad4a0b4ce4dcd46578c23a006ac639355f5ac9e87e8cd19c4b86e51b13bf46b55d04a00a7455903e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0dcd36d9527481a9e891c804bccc350

SHA1
6f85114b18084464af69846557b538597857b833

SHA256
daab989393cbbe57cfd2e5d9dd9f012d1ae8e9868417bff139a7286daa67a569

SHA512
b6d70e40c6ce9ec93765c5fb1c33e63432d2dc3ee37b11ce96a19cb973de2eb168e76093178741f883a3c3da208a5527d64207624677104f88f00f89fbfc60a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
203301d0e3b34aca18b7f54672be9326

SHA1
21d417e69484ce2aef2a75eccac1ff3458e68633

SHA256
5a14adcc19306f1afbd0d6c3006328ca45590a3890346cf027be0ed38d09d3f5

SHA512
efddadf365b673d59b7249d539c52974af05c09112ad1ad4a091216a67969b9ccf7bb94b2b6af0911e76f732d41594e28899553aca2818a8860ef2901283c47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edd023226b3ef8aec4beaf4b9c755f30

SHA1
ec06511d4ee704b5769f216de367803ddd3eef5c

SHA256
ec131cfea31ba45b142a801c95592a38795f992966711a4d5fbb4a11970fa071

SHA512
588a2c31136bfb37f86409f688be273bbe81897e4202c6d7e6aff801e8ff5fe41b4a6fcf9654ece3869423e0521e703fc51c2f6d0751c654c5ecbfda9226e075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f7236cdcbbd01d392500fa8d406c4c

SHA1
0f70474f452786f5ccfb29728ecc9373b45f1bd0

SHA256
dfac096ac966dd1fc056e7e3b6a457fb51b68810c2f3d9e72629dcedb03912ef

SHA512
7bd8b7514f863357e07dd191ba1276fef7444e8ef1733029981e274bd5c13df48edfabfd37e6f6ba4e668ab933cbe779c9cb6423da40bd477e5d9ca944d031f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfa57e09a4203d78236a063aec4a094b

SHA1
c3b7fd1a8f93b633b72aa045aa6f5d0b624bc031

SHA256
900ced132ebb891f886a090449f3601b88ff6cd0e7a73b0d5c9528416b8a85c7

SHA512
8d1aecaf9f3f81a65f0b93c6d3089e1bec4a19c50016deb1c186f7e9171b76eaa7a27ba861f29c13629cf3628389627ce590a48be3d083cd8f09f5ec46d1c4dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
327d8763fcd273579466debeb09c39af

SHA1
915e4a8dca421ce808c874c0a9762fe025ab2b92

SHA256
9313f1cf213834efcd2cfd221bb3d383808411d6b65005d70387414b94af351b

SHA512
6efa82772d691b9e5402e6633571a02510758e95a9a663498a161c47dc0df83aa064daad0182d039b245c322aafd0efdd409b02febbbb988e425dab490aad427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a778be4570c42cc439169bfc9c1ba16a

SHA1
82f4a35abd4de33aaf2d05f4325c8b32c2968cb7

SHA256
b458025d20ac498532d1d1d684d1a22675c57a84b5c7aea032d6b5ae7de63aa7

SHA512
1c2326d3617691dc2dec855d9f2671015c5ee9ea1885dfcda4201ad8038e1da81dd816c16df85677763e9ee7db87adc48528e592d5edd7664794aec4f3e67620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0554fc3db3566b0d5adb157815a8539

SHA1
b63462e4755cc4256e53270cde1a7a3b4eb0b5c0

SHA256
3da94e05faf59baa55d260a1ada9d0da5ab9ebd0f52a537fb92dc397c84fc53c

SHA512
d305977667765ca00411002fc0708c1a961742924210ac47e3a9b82300b5f8110025b5152735cf3ebdf720350855e9fc4d46ce4db32ae83e23b3ce1c7c5b0291

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d72add48cfeec96335c46886bdcd70b

SHA1
ab9d30d85d5e5cdf7edc49a0a0215dc61911cc5e

SHA256
b768fb89632dfa7b94086f99d3355e4559bbc046c3f09678d8d83e1060c9fa50

SHA512
e5b8cb1f2b0442b01e1bdaf3e4766c5841a45492218ba482f132ffd03b7f78ee13353355752c7aad3e2e4b1bb679924480c9e62dac9a05918665414bf290951e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99352037f9a227e7897f7fd1f10fe69c

SHA1
ef79fad71eaec2a361e6b8a5aec21f7bba30a07a

SHA256
8709f8a329496a62463d9925fcfc7fa1b5b6624e7fdd185563f4a1961a662095

SHA512
480eed7c049ef63370d125c4186eaa55280b3561ff3fbd049ce108a1a070710464e902d1530b6d7a60e68fe79fcc2747452962fd2939e92f5a16864ba5fc785a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f790e05709f087ca7d32c2c40ef1bc8

SHA1
d01e2b0a0313ec22e0f6971e04fa432ce8585547

SHA256
25aaeac8ba8da697916e38ac7a380642db27b6e075de1ddc553eea620d41ec7d

SHA512
2c7ec791a283ed19c9dc83b5537b63afbf8f9a5335d28d98ad5233d58ee490537de4488d0189e6c1b0d908a8a17f9b684635852876cedfdbf1cbca95a792a7e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30b82142c47035fb69a4b58b545f43bd

SHA1
4ca3d8b3178d8bfdd4415552ce48abbf5cdca982

SHA256
718f8e8d8c743058024e0b8932f867c96c0e3c57f663867b9246e4d127bed77c

SHA512
b2e0b343d9b9c08c3c5621b87aec928eb9ed7ec981e44486918cf8749d61b2c22726608ac1cd5cef512af4756cac2bf502bda304b81fe61d6789620a073df1e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b056092c7f10f6c8e88aa3402079e2be

SHA1
14392e51b8cea1c0d5a110863cb41f0e78e4f0f4

SHA256
4c49596f6505edb6c5fa75f6c9cb5f71233f703b971f27b517faa02d326c5075

SHA512
1c6f94f3f16b13ef0c2d4131c862c3722646f1b2fd926ebb036d5b252661ce180d0fad44d9503298a68c76f7dba9e39b1b87dbf93f4fafdff2d306919ae34c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5454bf738e0c40edd6dbb28796e7e49

SHA1
b998c3633f555f2b1b2c6bf9ee59b2bbe48165fc

SHA256
ac3341858f8ea2f87b367784f53a85c4dee201700c88319ee831605876bf54f9

SHA512
a9240476d66b57840eee1a49947b18690f35b2075cc5f971aab0ce745b320d1cb2c63565a679060b099f9d48be71271cd87e7f71ed10ff3b0488671afaffa3f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2023fe60f511535e5100a6e3d0db66e

SHA1
635ea2d176600f9ba39d19b34c35e86d9a2b1a29

SHA256
2846bb518ad3d35f2d70d70a2da2fe9b02581630c34ae8f3c4ee70d30751e13c

SHA512
f9dd304a8112c871ff66fad2c74412505920f8012bccae1a623c72b119b73b2675312f5c66899356a260cd2779fed0ab472e43b99254817ac9d0062426d19e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\xemphimhan.com[1].jpg

Filesize
3KB

MD5
1622fde97cb2de48204dd99a94aea7e4

SHA1
c801d12e5b4e58e18557d3c7456f6a52a5c6170b

SHA256
9556082791526de9c3da166fac9d9325aeff875a3722a8d462c8beb52e9cf8fd

SHA512
94b2a4dcd51944e81b7b0cfbb7424678950004d8459a43f31976a4850994d78763c9ccb3a776b519420740b53c9c819b89b9c02b4349ee6b3aa3894332caf31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13C4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit