4e83013b8599207cd7fedd10a604e04daa5fd4df7500991dcfba1c5c15d5ea0d

Analysis

max time kernel
137s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34fe36c453b0c5bc1d2d2cfb0977ebe0.html
Size

110KB
MD5

34fe36c453b0c5bc1d2d2cfb0977ebe0
SHA1

0b17639c7bf4f78851f033810d375d30bf8b9d43
SHA256

4e83013b8599207cd7fedd10a604e04daa5fd4df7500991dcfba1c5c15d5ea0d
SHA512

01c8cb7ef3b3b3431846b7a5639bac4d457de0e45b990c365b1a488c2fd9a8462fa9b619e8f9e8aa5721d028d854103480a1b60135c9604f88744485f2087bc9
SSDEEP

1536:nyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQSz:nyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000787bc77a4590a329b843de26ba2e82947ce0a7c18e1781d229798753f964674a000000000e80000000020000200000002805ea2c287fe7e115347c69567e7325ba9d9bd345a1d311652a4d7d48f982ef2000000037571706b20b192939135b1ef7529912b7a59af7d9950cfe78a50b008c46828840000000bf99137033a77d71c66da081ee8a9cc3efaf73e2d20075253971787046e870dd1c097eec91ab9b006e0ec46ef07ca7ea09f3b01cdc66776d19c1b6eaa6c0403b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000008583791c2524969fc3d671a1b82cc8ccf23019b342696372f084c47b32768230000000000e80000000020000200000003e24166b5907ad15738a9547d0ca6e883d0c602a926880470dc18d648e3825b0900000003c9387d6098bcbd119f70e594ea16225fa0a7e85a7c184bbca44a7f3a1269acc2adac9c1b700e3dc00243c173a5f7697aaec2ae6145cd1e965288f890219e5fb1e926f671f1000d9e0d148cecb76aec71a1988b9bda933b9071429a718bf2303015466b2a1d7e15c53c75c3d928ed375f6a34ac021cc137824326a15f316083440d9b4f10cf1c350629d70f6289fd6c5400000003d4aeeffea1622b7f884eae47e71001352c969c427e8329ca054fcf6d7c1c83b93f508b37eee8a7f6892761580e1d66aed7d785736cc2b8782c4eedbe808cc64	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 902309871638da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409769075"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B28FCEB1-A409-11EE-B665-FA7D6BB1EAA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2112	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1248	2112	iexplore.exe	16
PID 2112 wrote to memory of 1248	2112	iexplore.exe	16
PID 2112 wrote to memory of 1248	2112	iexplore.exe	16
PID 2112 wrote to memory of 1248	2112	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\34fe36c453b0c5bc1d2d2cfb0977ebe0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
270a9652a26393c59d28149194e34d15

SHA1
ce8cb93e777d2123f726d9cd59033c9e0620e90f

SHA256
d30f0ca9310cff13ba1fe833d4b1db2a4c712fc556902eebf2a4cc4af093cb20

SHA512
8ca08151543c8716db665d59a482b8edadfd4b9b917e3acc1f9888255870b90c212fb9e5e241b52553961de659533eacc87b6f5e3ecaf0ea4e473b575027ea17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8ecf0efa978420a9b7cf8de65974af6

SHA1
7e21066ebe0558b715a83201fb160362e86dcb6d

SHA256
ef320d61055687a7d28798bac45e993e4cdeca9816f09ede4396ec7d15de212b

SHA512
712f5ec61d14d02c25c8f8eda24419ec6c673265a2d98a06151feccaf264e114fc601cbf4c354696a075470d6e8837efea7c9f83a406c75598842ef4ae86ea89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd056e71d5d4e53d231284f8a4bf3734

SHA1
14c8968a3622456d5c04c4f004cb4cc144fdfecb

SHA256
b6859b577779340b9c4cc6ad49f9c91266bbfa41a7bb13529ba90dd062ed9c13

SHA512
d14e7a5662016e6e9c79a75ba00c96ce671a3c94632bd613e15f41c4dd07e0213bee663eaf43124219696107d7ca2d0004b87741c7d5347ed217f5d2149eec99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fdcfb4b4feed318f64240bfea016ca4

SHA1
19c87489b565e7caedf8ba3534299a2d09f1a375

SHA256
b5f12ad6bd4884038050db4c7e9e583444e3691441cb0efe9fcb84d9dca93c77

SHA512
1e012442b1a7ec162e182fb6fedacdbe136eb2f1941269c7d1435f200720738846938652373cdd30738ab975311252d88ea2f79189263fbe43e6d7bf593799fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fc6df1045cc4bac4325314588917149

SHA1
9c4833b2e9887d2cf6379e070ff16afa3ab0087f

SHA256
a5ba9b95524a0def6ad90554c18f752973dd9f50611256fc7b40fe206c8e5c00

SHA512
060d2ed27475919ba0e55c90353ff027c0a66d0045a6d7fc05626b501c0bb242c4cbb07a979cc35a1f2697098550fb034eacac92956ef269365040523e954230

Download Submit