e85f54eadc0a16a6f3ea91151a185b8379fd9ef9da2364883852351755ee4e13

Analysis

max time kernel
120s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34669411034e6db106dcd72b2b81631d.html
Size

44KB
MD5

34669411034e6db106dcd72b2b81631d
SHA1

a05a33f9188832b45d42814e39fcc456ba7b0191
SHA256

e85f54eadc0a16a6f3ea91151a185b8379fd9ef9da2364883852351755ee4e13
SHA512

efff42cf55ee7542680de1b4f0457777a9c2c9b1b62e390ac9e036fd33242decc24b08fad3b33051fa15ebf6973b001a6bc661dedeb1db1ee659a75bdcb1a36e
SSDEEP

768:3hQT9p4Fg1JjF4Gb/1NYzRzz2xYAo90/A:3hExFH/1NMzz2yAe0Y

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000040498fb1229a316178bd49ca40c857c869cf00a6e9b29e2f35091eb8503893a6000000000e80000000020000200000004bdd69b337abc1ed04d25e97a8d3dad493c3056eeed4b2f7a10c7fbf03a41ab19000000080334fc1d3630999384aeec9a942fa12ee7678c2e959536d4808a8a007de824a05ac5bdaf08d53030e41f47cb160715d90d426e119867a52f5b38c5b4ef39842f4f2e86173b7572c1b9759fc07045b90936a69bec1eccbc794de002da7e142bb5334e599ffec35690b10b9e085b432d8a7e4163ef5dc31f9ea5ab954b990ab7f98ca394e6cc5348a8ae20b3744e17fcd4000000030fb65f4ae4346ae05fede6a05fec728fae3a50e39d0688d1c0a61f401b5c729f732e4c2a08fff77b7fb5ee21891bd3298865f6f3b9a38326cef027411072180	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c8f12e163ada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409988829"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000059fcd6241b21cb501e76c6b9dc4f38d278a02734104e3e483f5528f7c1a63ed2000000000e8000000002000020000000192eca674ff32afd8f47a732ebb9bfa2f3b93c164f4d57793d16a51fec2582a3200000008564a6d61bb1daeaa2897ea2d7f0248a91606c0d36fdde19f3ac9ae08ae4baa24000000011aae8a37c44907d603df673e2fedf79dae48cef9f40961280e142d1339dbd309785e96b61b19d6779337b8c48ad8426b887e7aee821aab47691461e3e965886	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{598D9701-A609-11EE-9B28-D6882E0F4692} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
456	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2012	iexplore.exe
2012	iexplore.exe
456	IEXPLORE.EXE
456	IEXPLORE.EXE
456	IEXPLORE.EXE
456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 456	2012	iexplore.exe	28
PID 2012 wrote to memory of 456	2012	iexplore.exe	28
PID 2012 wrote to memory of 456	2012	iexplore.exe	28
PID 2012 wrote to memory of 456	2012	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\34669411034e6db106dcd72b2b81631d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8669c123c782965aa7d3638bc657b70

SHA1
5a40c41f87bf8d0cfe732b43670a3eeb0e20f3fc

SHA256
77ce86abf4b7ca10e59173fd2f74bebc360647a93404d1dc4c103d69e11a829b

SHA512
ec934fba7f71fce157f0fa592e5ab330532d8a0122301dfed8e13d32b959c0acf006a8fd83b8ff5d8e8805fcd03e5607caf165960dceda7ca1e062593faca229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9c6eae98b2b1a4c71e481bd3f24a598

SHA1
a5755620468a064d4e07794bd8fb4dfb017ec2d1

SHA256
c2f7bbac46defbeb0e442685c48c34429eb89339af4d64ff7102eff255321ea9

SHA512
7640968ad3877eecc650b3906214dc83b988eec6e2e29225a4e5e57dda9f15576c065da31190b9d73fb19b2df6f49af239f9c040fe21972233efe66bde35567a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38a3e0a02ec108b69b84ca49200cdf76

SHA1
6d6b5d540834688d6beabb1c716cb48555db94ac

SHA256
5fc5f2b4f4f2863e4e8a8bf38c5b85ac3413b6cbc484d7f384ea7e1ca9f41f1c

SHA512
22d3bdb84676da39cca235abd0e9d9030c683abeffc1750b6a7b545e31c4dcf368a3dce32317e3d555886989a4a4d0539e2a7893e045f22ac3eaf795eff2a52c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e90697cee6540443f27a5911170fba62

SHA1
f11276da590fee7e61f84ae3078fe06eadae74dc

SHA256
8a0648089e6316cee777ebd592303cd3d28574da1a2d0819711808907b4f09c6

SHA512
7ada5b3d7f0bc1c77b9b9a32cf094cc80ba7b7289fb41c231481faaf63dbc309340fc4a5210fb49b44b04d7477f3f7f47ba93db2ff2f4b3331fd073f1b7bb61f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
472c541fda41c0a753b7cbed2648bbd5

SHA1
dae07600ed91af99697e3ba1e56ce5b430cf56f3

SHA256
b638fb10beceda116a7b8235a91bccdbbe98661696b6cccdb5b3e4c1743e38bd

SHA512
fa6c760e610cf97668402f82da423c49f356f63f19a9f4f5d03fbe4a63a012b535d8b600fd5be9522d1288e07d728858c7fa52b195c71389ea0853b6b4a919fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab1923cc9f77e5163714873340bbdf2b

SHA1
76abb725d6383d3b9ef6ae8401ee6fda2630aedb

SHA256
cc885bb1fc893f3d280d531b606fa35b57d003cfb5e85bce212887558a71fc31

SHA512
6d55a195c42e2f126b738f6884958cc108495370cf2acc0ec91e59f5860d63b937d61ce0da44093464a2e45e853363086b70b88cc5c1ae7e8666a2c5cc1460a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2bea76b0fe20bb08bc2c1b98b72d4f6

SHA1
086eb21ea736a6286fd95ce737baa63b607e34c2

SHA256
7bf69cd22ea80d33e312c6693348efebf94146f69df819f6df6f1fa1840fb76e

SHA512
405b4cdbe4abb8ea7a982e2a293498eb5621c4a43fbbca50e986d2989eb2cbe8fd5e3ab214b391c418c47071c3a254da3b6e860618bf688f9bd16ad27cc2ce85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbfdc382685d3d5b7ae506fc85dc73ae

SHA1
9043748fc5446694a36b8919a71d754ea94ad10f

SHA256
b2b02c774f9ad1ad74ae03890e1213a10f41ca10e3f2d68485defbb81007c010

SHA512
0cfba0c4a224e81d6c774704da93d6979ac5fa1711257715fcde4a45e99bbe64bb110d56e0c718e0c9b70d1904555ec758d449731689413f7c3864e27a6061c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab30dc2fec1f68891db956b0cb98e6af

SHA1
ec903b377ba8bf93a9a803bb13baf6d1af257f87

SHA256
5459ed0be85afce34bf380575b331aab55c4e962b8cf6c38af6b6c476396a440

SHA512
cdcc07312dc0bd6390927de220dd751c6c2b1880d03d771c8cebe841c20ea824d36a9470f1b0245970e7401c27d7041c6c6266ef508cfaa9235a25933b95c4fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b94e7d46b3087f59b9a98fc816ff1f9f

SHA1
3759d9c9cd623eeacc2946377592e02cd0e7575a

SHA256
a92d58d738d671250d9e3c32e3a6c677c9e51cfa0d1150f8a3569bf968df7cbc

SHA512
75afd77b2620b3e39d336a7cc0f8a65c0497f4a4228fef13db6371bc69549535ce0fd7639f7c43c55a07ebe1f9a1678389cf7d2ccc8fb5c60f9e315e04caf589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b373172d3571cd57a91d66ca6e7a5a2

SHA1
318cfa3eefc1c0ab6d5c6341efaef35e8ddabe66

SHA256
6820db41b4af40cf2c50bdbd0ec20ac2a95e29ddac36fb7538e7938d1287bb14

SHA512
b2422c09ce3ccaae7338a88a2258056e951b528026649673e763e93208a05097bbf08d4104924f093e63e7838f40a0f563a4469cf699ad2b69f85100fe6cfe25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a802a253ce859d6b466e8388431035f

SHA1
15415520a06144afffa5eb24ee3a3b69182d6e08

SHA256
76ad81dd5bdd17cc4f1e6f17cb21b1bd79d507fcb4b8d6c5a922b7a5ca730f89

SHA512
efb4d2d32beb3a3ce58e7cf6d91759db26e3f9cd367dd0db0c3218c2cde4d1604aa45faba78b8557a99ca1808b64f6f81cd772761486065ba8b10189f787a900

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55f95156e1a1948fd55785c1583eb8e2

SHA1
c3b21bb5dc98a59fb1977a49c4c77651cfc804f3

SHA256
0599a42f17b9583f9a182df096eb26ef9aa977c284facab08e8c7f5198dd2ea4

SHA512
0fc3466ca6bcbfdbef9bf1ed1cd90fc5f490d2aa5ca0a4f4c851df32aebf7484be596c9234d7190398ca95a89959f37ae52350e2600b1009e93a9b69316cacbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66b01b39701252adc64108ae446abed1

SHA1
47114439ad10a63b406907d4900f21a1e7a08181

SHA256
82c688d44567d495a86d2b36d8211f4e790f85e441e5b875305982a25e635aa5

SHA512
69d82ec127ef4b1dc5df59752c53494e7e792ce5a328ffa52df325febfc592dbd7fb95d182bc62319d75be9c25844f9c2b3639351b07b1725fb02e1a20beadce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b96289ad46434908edd8c3b6b57f3392

SHA1
5658fc5aa0eefb0bf6f34707b6be292b8fd3aedc

SHA256
1b3146f6ec3925a35ceda9bd443b79f69b2a26fdc10562f9c53ce441efb607af

SHA512
a0b7e728dd3cba173d17aa5c69c4cc04f689ab22dab34f67ae583e735795345f1760bff2f7b06c81970952c58c029b5bbe599cdef91b8eede0201a57067d306c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92b4ae6d4e1171a5b989d5a6ad3a3347

SHA1
dee8d8e04e00f934583c0b331d444955c38b8e2f

SHA256
ccad9e2fd469cdeaf66e5a60349c79e5010380ed6f6677f8dad4fea82cbca4cc

SHA512
d46fa7be488e05443b03dc8966f769ea67ce45df92a9d35f46ed09fa92259d41cbeb3fb1711b969fbbfa8c816b4fb30c36c99b495416eefc1dd394f758df5d21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8889d84d4f220336e44dcb34e319357b

SHA1
920aa70aaf93730f3bd77bd0f08c4ae27cf87170

SHA256
7754347350aefbc6cc29a76136a4eb34c13452a29e02df7dbcb8afe8152438a8

SHA512
03d2cd7449c1a9be4801c7e077267126df70871e6a1d18fccc53b12e97e036cd4ef362df9077718c8ec6fd59e3016a01c436e69f9027444ddec680d870d277ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F33.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5FB3.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit