e852fc8f6fce872274d287e8616a9571c33f9284fd74069f0ee9b3afd2389910

Analysis

max time kernel
36s
max time network
186s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d537e29746ba6d9aa18f3b44016b31e.html
Size

37KB
MD5

2d537e29746ba6d9aa18f3b44016b31e
SHA1

e42154a788f146327367742ce9b1528a393b27df
SHA256

e852fc8f6fce872274d287e8616a9571c33f9284fd74069f0ee9b3afd2389910
SHA512

f0e7d1815b4e41e0ccc1ada0cafc76bfccda4bc7ac60a6000448c151eb666be481c1bf8f265df5666cdf23653a44e45aae89b2ff20eae68873165bce92c3a78b
SSDEEP

768:S9S7j+qGvqGb2wQzRwOkmKJZH2JaGRXamidaGnEmehH2csw:S9S3+zvzb2wQzRDkFZWJRigGEFhH2csw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66808FC1-A5D3-11EE-86C9-CE9B5D0C5DE4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2576	2780	iexplore.exe	16
PID 2780 wrote to memory of 2576	2780	iexplore.exe	16
PID 2780 wrote to memory of 2576	2780	iexplore.exe	16
PID 2780 wrote to memory of 2576	2780	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d537e29746ba6d9aa18f3b44016b31e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
809c106fe9c2174ea227b9fb90238a87

SHA1
3b95afdbfd53dc13bfe37c8278d3b6e9d7e96b94

SHA256
08b8d2a1ac3a8a1535ab3d3f43e22ba0ab97857a89511985bce617b376ad9687

SHA512
ebce02a5272e50dbe54290a2e2beda3d63bd2bd75ffade0e9af92a8e0ddc203ce3bb9c7b401e973d8e11cdc5d8d7553e58a1424278e5d4dfd206f1f80293d13e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88f665e9e6299b558445e2eb6a42cc3c

SHA1
1e9924a30cc17e6c218832ada3a105fb2c880d62

SHA256
fb5ff9ed3df410d506e445439ff0677c9f65ace30723844456ddc729320be0d2

SHA512
4ad61035d86eeba02e719ed89d9b8adfac173f9efc8dd601623cfcdc891476fbbcbdfb7f4208bd8a3711ccccf2c22804eb9203ce0aba6ab95c7e503302a1b23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5945abfe426c845e1f61c196eaa40bac

SHA1
05b4183e82963d4a0a3c2fc3eac62f8eba6ada1b

SHA256
7163f5e14d8d6b638dc0db0c94733c7c65d85cfb1048748b0cf30d7bfdee089d

SHA512
7ab9594a6f557fd443eb75efd65d323dcbbfb7398fc25d20a129ffed327cb15307b154ec8b9e3bc17f933b42269b0f8d121e9f1489a166f2dc927ea4ca8beac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f641ec4072729516e2bd322fb73def0c

SHA1
f7b5ac2ff60c1fb5dea934b8d23be97fc9981efd

SHA256
14c153fffe7162ec6aded6b58c09cddff633cd2c0f0b2f99bc1ad0693e2b3656

SHA512
4ab47e1be2b694388b1bc15ce4e219b2e953618c18a4ac57a65b3fa50010a6d893bb473fe163e86c3d5407023546c18450e2c9928d9d71e510b8271776e3e924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b6a1d9e7a53d02846383819cfdfd947

SHA1
e2481f99f99b7850a19931a8062c71f7e73a1c34

SHA256
30c117d6940979498315d6ff385b13072c95e22476678b880a9f5875fba9c570

SHA512
8f453e7e4f708e3bd27f5893ab2d9be09f6a80c3809b2a3de51bc444508895620b07007ff94d53dc14f2dcd033fd1df1944393e9bbf02fcc77022bfbfeeaa7f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a66998304c888160e53154b1a334f88f

SHA1
5167a4b4bf59aa1d67d5b2cba4e16243ade19dd9

SHA256
60c499635c118db1d479cf475bf73a0b468701a304864a1dbb77a71946dd7010

SHA512
000eff8d37e5030def0eb6c52660820c996b8704b5d0417ff887cada4b5f446226cce21f507a56a4c06d9250ce83a004ad2bac74df45eccb73360e219936f2c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0304c00b95a2c39f25621c0533a30577

SHA1
5fdde3837081ddee7456f26bc73b37e3b7421bba

SHA256
08359db09cec4f07ba837a75bd81cb78065d26bc271191d01944a81d710c81ea

SHA512
a64d8d743018700ca39ea0bef287f798c06157e69d3cfe134830720e0395813032863e8ee6743fd55f052b1cd928a6450685bc7995710752827ffaea94d8a9fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd409e0c56415fc8f6eb333c213053c2

SHA1
7179af2be29ad5646f3f6253b032d9beb13a9a5e

SHA256
8ff26328a5bd6e7eabda87c0294e35b6c4436d2ddaf39529178a0f50bfd79e40

SHA512
42f9833e0ddd3fe8d69e69e7d6a401edd468761ade9ef0499e4cb656f405bcf6983b51e55d8e17fa7ecf1c517bb5969c88ac6bd3232d102178881613d1fcd05a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf50634fe361f18242f543d0aedda9ac

SHA1
e81fb0d0a1df9b9b62a0c57fc4d972883897033f

SHA256
bf69a9e84d6f3984232947609433a97d5aa9a5468039a0aa374520deea8533e3

SHA512
22ceb000fc5a3efb0398a071cb417478c90f6ae38577dff68516c911eb32e9b4cb19a62f89f6ce0317b2c1933593683c382b65c3cea5ba8ad11d4e25c720c310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2812fa0ac527921d67a65fd5bedab2d9

SHA1
78a9b142ae9a1eebe9c190fce681c1ce463d161b

SHA256
966e136fb7c570dc44537cbc2ef6120ed5dca4819aab1dd322269657da490cf7

SHA512
1daa47443d648f090ceb773c44148e0ac19b449fa258fb27eef1a97d838618acc2befb8bb00b6cc3037390b21e3a00b5ff9161e3eb3e2238076a010ca9e3a32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
966cecca8eb960b35250f71f8c941d86

SHA1
b6210fba7bf025238e14699a6f7159d2a5da2516

SHA256
96ecaa037093b1d3702faa81c3f77a037de5324e18e2c4aa63310d1f7396f64a

SHA512
791c87a45c71981d702195aaad982940bdb3d69e2b8133bce0eb7dbd664ef24501f8e57de95ea622cc6e93204b6c3b2d0475ce351e3a95cd154ef5af0cc7f016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a406bdab31d9e9ead1eb83c511ef5b3d

SHA1
da34d4be2d79a9cae80b149fafe129be0126accf

SHA256
5aeefd1b829aaf8c7fb66eb5efea9eeab31eee73639f961a22fe76223a033de0

SHA512
844517bcc221375560e2dbe99c181d6dad2cc07b478fcf61fb275e018bdb9780999b7d17761ce33fcc4e4fbe9d2634d4d805db84d31704025e297062dff124a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24cee9e0e5db639a947312b227c544b8

SHA1
49aadebe355b27c782320a813a4c29142b29ad1a

SHA256
cfbece7c87a3ae47d10b3a8e1999d3bd7f4216c6476dd06f4f1060fe90098eaf

SHA512
4cde2b9a5957411f05062146988dd20b31f6840f81a7b0148ff6ca683e9c08e364b8d8336425a8c3f99ae48a26d5c925210c229f07237f03f91db8e6b67ac333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe83d3f7e08f367ebee1d73aba921f57

SHA1
c949788662c3c83e19c209426407a09e48b96343

SHA256
b0257eb6cb79c8fe7feb52a7b28806727a042730bcf042a27832e11838f53c03

SHA512
2ef6f3cd15bfc4f8e29b21b75f41b110ca89556ef0f7a20a8875548c28161b501ad2653e81ef14f1dbbcfa36a17a71c55246f973f01716f385adf31a5f882fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0ffce82800f16bfbbb667d2e4b797fa

SHA1
a38894cc2b3f68f3661126625a871ff0d9a351d0

SHA256
bb5f53efa134fa10014368c057c1f0ae374e4f5bf816001fa7b08d0bd461775d

SHA512
aa3276e4874d19bbb0bbee008a80e57b8dfc4aaf8fea681074cec29263e22ab673394c23bca31b7cc268db24a6aefc1eedbf9de87d637f2327942146d0d0ed75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5c005fb7279fbf1d71073f261d41b7c

SHA1
e5f65adcda60074cc64701107fd96ae0d4d14f80

SHA256
bac7925429483f6eb3a2a466fff2b83d6dbb3649ea2a1ba7bf595b5570502651

SHA512
4c823867ab2ee6f59899645dd6544b8af19ffcc2bd046f5d2b6081de6398d4c872f71e0f257ee3ebd03c7e1178652ecbe3d117c9dc3d93803db510954e144111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a61298b1e962cb68d5538723957c37dc

SHA1
bd8acc9f7fa045d3503a7ef2e2b975176b802cc5

SHA256
a3af3a81a56b97f5bfb008c402942f46b3763cd8a3a66f52cc3afcdb0b9bfdc7

SHA512
698e505986112789ac8b3b83d508a88858f8b64a58375d8095c7e37dd7620a454caea10ad876bcb1a3d06e5543d79d259c4059a47bddd73f575128be9172f359

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFCF8.tmp

Filesize
56KB

MD5
595092e92749453dc1037fc63afa9e43

SHA1
37ff7dacb3d6d040ee0f73a84f419ac51fbb436d

SHA256
37e52204170b32e25897db38bbd5c9007910238738ea47456084227c70394e83

SHA512
ee4fe6be7afec4efff50e66cb4b57c14de5e052cfc0172e603e0862035ac027ecead25953c9629c206fc4e934ca8f0c443295c7ef6acfc759dfd9eb2c510c059

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFD1A.tmp

Filesize
9KB

MD5
36dd7e1886c2abd48eb6c4d08ba2a4ba

SHA1
4d07382641ee120fe26ec06a60d7fbdc15bf6c93

SHA256
4f5e01f3a2370cc3739ccdc10bb32eb1250504af2722eefb846b2de8213ddeab

SHA512
7b4443aaf9b72cb291ec134d799c833a2134f22e73ec62f1bb9425e78672f39e052d38b712c04f65e249225cc7d706a74eaa52e17b06ebbc2ce8dcfbe03436f1

Download Submit