a93f1d1d054b19f839ec803e5803ba5246863ab0a90b0fbda2f471674df2d86a

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37efb387905f448bb86a7beee2853ccb.html
Size

1KB
MD5

37efb387905f448bb86a7beee2853ccb
SHA1

1634c562b99c518eee4cf0fca992db534bc02ef6
SHA256

a93f1d1d054b19f839ec803e5803ba5246863ab0a90b0fbda2f471674df2d86a
SHA512

a74b15e755efd06e638814e4c73d02bd5b0c5217056bc6d9b7b0e40c566fa43ee14aea89edfe675f7d6b1e46443740928cf64fc36bcd5096fc405c38c6f62bef

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000082382918825a270c3c9b9d956ae5399a6163e91e92aa721959caca292fd26166000000000e80000000020000200000000496c217e348cf54d3727acae13bd510461733bfbafcbb26ca1baa086730227320000000d38cb1b195ecfc6272067ae80db4ae962da3bfc63db87ac4e163c8d6ad5371b640000000059947ac7fbad04e69457230fded182b7acc28839cb668ffd1bcfffa6854db9f00b12210b62351f5eea1a7ceaca91ccbac05997a0647b2049750d08782086b04	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000006e3abe9c3970fc70cf446ac30ed4c5e5c30a4b95b5c1173e12fe312e2464d51f000000000e80000000020000200000006695ef759a9a640fe446f1d0cf00181982b8021ba09fb1ad4006f47a13b4fffb9000000056cf24b2dc69fd610ab2722fdd6a4da5c225ec2b42dd3593a0439f8d7ebbd91d159afff44fa09181c6781ddba38feada9929c95e2c4bbad5531812c0585ebfaf854d6b00829103c58bca31ee12bf3205b978b9497e4c307971f5c03f343f5b0dd7305dfc96b327947d2090f2765b39095ac718b57d0b1c9bf50986fef343729899ee388aa31ca125208bf281749d2d104000000068aafa96845ed22ac1fa59901b5ec30dec4d666ec016cc1cfc51593c5a75ec8b4897fd4f2c3e4c83536440a0a33aea310e342009b3c9b0cd2fe36e6c351c9c49	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20dce8022f3ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2DD51431-A622-11EE-86E5-EED0D7A1BF98} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409999491"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2808	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2808	iexplore.exe
2808	iexplore.exe
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 1728	2808	iexplore.exe	15
PID 2808 wrote to memory of 1728	2808	iexplore.exe	15
PID 2808 wrote to memory of 1728	2808	iexplore.exe	15
PID 2808 wrote to memory of 1728	2808	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\37efb387905f448bb86a7beee2853ccb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0d81b5c97d280bb317afd56bc234220

SHA1
5445f197ad6aabc1179daa724da6dfaddbbee589

SHA256
19ac55d1226383d2560536703a6138e3763feb80541a8b0744c9eabe0b2b17a2

SHA512
da99d2e1e5531be0d1d16650fcc2f2bd52aad00b84d69686defe8b47132ff062a754eec4f05d011dc93701ba623c09282690f57aa6d2ad94f91db647dcf35329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
954d83420053a253d72665cb20631282

SHA1
237e9696416d2c278a3b34d8375e858bf9226fb1

SHA256
fd22bdda4c8bc9f20db5d180759958290517e6818b3f3f4d11d78989dca9293f

SHA512
f875399fada4788029e7183d1f7412cca6eaa78591b89b512ece99d396eae45c383f45e6bc82b562235b80182d3ace0d7d4eaa1cf3a9535c46b3718ae10748b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ef1547533c2efa40c9937709cc55dac

SHA1
ad8f796612770b1e6e5aca4a0c542b8706c0212e

SHA256
0b7ca87c96f6a05ce164bc5c0879e9c37ce84445a518f27ac0472d9884b9c260

SHA512
c549f25eaf3dba42c5095b852afe454bda8c9049a6f1051064e1a888f11f7078e3890749025dc8c71ce8cd275a912f92597239c09b0b38e57b70fba806e49506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05365dedda2e0942d768b024e0405b33

SHA1
ba1acb085848894e7007491ad668903196f623d7

SHA256
a81b088258a56bb9b9cd71702f98afb3507e79d3a6dfafbccb9163d65a3a23bc

SHA512
3b502c438dc874fbac529238d2afe84c647246953e96a662af4840cc8ef2fab0fe9534fee02a59c5be2d40781dcda46f4292400a08f49447bef320cc9fb22b7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c6af28ee61b0c7100f04f93b5f57a6a

SHA1
a95ac3fc35ea03c6e65e1f394ced81b4f73ae55e

SHA256
fbc4bf3b9df0c7c7f9600b5a6b70fbeb199da6bedb4649a6fb41bd9ea435bd38

SHA512
163b908acee4d0a04624eab73e5ab7130d49cde32e2f50707c38d2c1ec24891ef38bb3462750e7f904e42b3c870b5493db190f4a495754c468aab81cb970f423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5316c7c815e07ea56ee6361e682d8aac

SHA1
8a4a0341100c98811de8637619ca73796926dd64

SHA256
ca926a168fad4adfd53e6b09140ce192156e050ca821d544a6bafd31b2958cf6

SHA512
562a8b9561d2bc3eb4e9578134ac3f45eeefe5f08b6cf5c1d4bf8d5c5beec59c4a9fc32b8de7cc34e21367624dcdc4aefd3f9852da065aedec30cd5db26f08cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30e8dcd9abb96d2bcc60d2e2e694ad0d

SHA1
5e59d5bb94c0d32fa87546fd915699c19f555f04

SHA256
4c5c36fde604c15f780d1c3fe2ae7194a8e4ad4d6a6dca431a399b9257a3cd8f

SHA512
38bc859c0949ef59f741ba4023904b21ed92301c0d1cd1800ffaa5f4a4a0bb32df08d4ef13a8b5b61acd75866f264e3738b35ed64fa095fed13e79e34f9907a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4ca866b41d9b03b7d7c73acda301554

SHA1
269e49d3748fbca7b4c38023e1c9f25a7828cc62

SHA256
354ea777f243f65e6a4c1edf0b7715ed6e46c56422e7c7ae7a667e38bad48078

SHA512
bcb4bfc5d3dbc3f6985790a04f4a9ffe25683e457bcb525887f2f275abba789df349d74b603834fed64b2327d6c1f8ad6d213b38cda98d7aba8bea6dca022148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4097c0f894bfab9b516428770c8828d

SHA1
afb65a7bea850a67e07c8f5a86a2d894034e46d2

SHA256
271835affb89560c9d1376a090da59c41d04774e1255a08fee15a77cdd82ecd5

SHA512
646bb95bedf38df89f0e355fd9883a481be7f3da82edb3622ee20864e955f67a8e406082bbdf8efdeb23aa41bdde0b06a46b57cf90801383834162a47263d3df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7517c797f55ab149667fc32aa5314858

SHA1
b24d6692270751cbc65002c56c6b5be922e085c8

SHA256
27d244c814dfed97218e729c20cb18417d561360be47323d9468cb789ce698c6

SHA512
a48073111126114133c002c4ece6adf8e1560e1a1db9fd39ccc7bd58ebb54ee6532dbc8a332bda7b353490c2b41924928ca8fc32f1e877dad409c14c91376fe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86886ffb1060f9e01f7562c0e88cd799

SHA1
ef6bb3870a6f1d9d73f6f2f3c5ecbeb9308469c6

SHA256
58dd51cf80b636ccdd6ccf5effd8e733060a82f3c91bc758a96a49cee72b5af3

SHA512
18a1261997fd415bbb45fac59a21c0ef0fc0007f20201e59fd45ffb9e71ae2611115bb19c05615aca5392d3dd25aaf3fb8b56a185466e9aa3ec146286c5298df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b4e7d33cbfc181eb7ad1fb184c34367

SHA1
3049071e08531c9ad4d24f665112ab9b4e651290

SHA256
4ba9e98cc8f0a2d74f7718c2c83ac37f2aac5a78bd41bbb770479a101db2c793

SHA512
7b28ad79323542e77e35c9ae6be8d394e4a90fcada31d3ccfe0e45f5d8d6d239d3c9007597bd95db78e2d1653d32c5069426ae203040170bd75a7bf918798549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5922118f8b9c40cda0604693cfab0630

SHA1
4bf35cbc9320f3ee2c694f4392769b01593450ef

SHA256
b5a8d7e9001fe8f170dc2e9c5896c11eaf892bc0080408e9ab7822f14a883c43

SHA512
ab49ce3b1bb305906f0dc8530450f342ecbdada583cfc4c536480ee2c192f2a00b9f5e905e801259c7951beea1161fc63b03188c01b475aa854870e1bf5ec6d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
786e95c5bbd77a8c9815ddd607bd3435

SHA1
54809917c0fc2473417f6943d887365f7a66c3ba

SHA256
810bd3f1ee618a10d373100a7a4d0a0722cc4ab9da19f56ac33a3ae7d22d8151

SHA512
667ce49acee7f9cd4fa4edad880ac75933baef5786eb3d541eb65a8238210394af31395bea0212639a26c0cc3dad29edead971b784f79977ec4919a8519e4c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7921df5149ccde895151977c621016e5

SHA1
34642ebfd41f6b069385df290c5a87d737a79f91

SHA256
c094db8f4a590b90bab7eeda4a603c46758910d135ee3d73c756db823fa330af

SHA512
9030a510b081fc79d8e991e491697978e1e0d0b4f6357587d238ed7d93d0c89e1c0b424756f80b4a360bf51153a6f12c1c4cb3b0096cdd1b9050e812b71e7d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c950f36b6c1deb72c961fd05b65f0be

SHA1
6ee5b07b69ded8bd8b6831619a7f5d7f048ff7e3

SHA256
8f9a18425ec270beba29f181b98ea48f0aa7432f6bdb70198ccd62ed3050dd81

SHA512
2fdd32b078cd0196f38dd9e918c083fe4244e61ab641c3694b02071c2c0b211d4bc46e6e5aa7f3c4f5c9f0348d6b8ec476aaca9ae042b072329d7922a057b01c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e900aeb776cbbc597bfb62e8719f99af

SHA1
1ebc5aa51b7abf07a3057b097e46f042d51fd0af

SHA256
c4b2b099224d12a4ead7724b482988937673ded36c2d84bc3bc4afecb12aadc6

SHA512
4ccd38222fcd78e2807919265fb5cb541e22007f910f3e435ec1dadeef8d76325590e27c0e86459ab4a08e4410ac1d4227e7ba87de97d7fcbc96e030c04c57ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2704.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A40.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit