87c4914bf9621f6277cf614efa2cbb2d1a1deac782495eeb8d92bb38b7a231b4

Analysis

max time kernel
10s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b5d5834626fd8b000433bd5c88c2447.html
Size

3.5MB
MD5

3b5d5834626fd8b000433bd5c88c2447
SHA1

9dfc6e599df175935debf0f6775c607b29d0ebee
SHA256

87c4914bf9621f6277cf614efa2cbb2d1a1deac782495eeb8d92bb38b7a231b4
SHA512

d21718e00255081c7481be3a1739f4c371d2b6d554a041270fc4bc6525b8008c294e6f648d4c40098d0633ca43d98c83f6b0979133792fd80f6d313e2d8bdd22
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAZ:jvQjte4tT62Z

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2B7A451-A426-11EE-8837-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2084	2212	iexplore.exe	16
PID 2212 wrote to memory of 2084	2212	iexplore.exe	16
PID 2212 wrote to memory of 2084	2212	iexplore.exe	16
PID 2212 wrote to memory of 2084	2212	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3b5d5834626fd8b000433bd5c88c2447.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5be60441091f3f06075261e38736b114

SHA1
586d25de5fb1e044c6ecd20e55f9a503b1f342e1

SHA256
cf1870fec8f252c57a8c288c44aa4f1d6630025e1ad5f8f013d7f4549575f076

SHA512
3f4806421b2077110c11a8eab90c54151de19b3586e0cf08eec21454e941c56c99feb82cded4ca61688a03a51d840b8a864357bee4dad8249f8354377c0c8317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b86151ba20e0cdcb50695d926ff0292

SHA1
f62855001abd7354c225ed859b725a5d353b4ed0

SHA256
b9afbadaf10e1c15276ab634008450fee09b387aa708eeb4fc23544fa4b3594b

SHA512
ce19992965eef41e4936caaa13ef7dd379937cbe25b45b9bdd0f1f020d7f52fc26285e69b06ca9f0de8608c10fe5297279b0cef1c2462bf3fefbd62bd2b946ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06140c094f7b3b17bfd3977885221582

SHA1
1e04938918fb8f809f114915deb441cdf7f13823

SHA256
75216c261f6bc83ece67ec42408aab5aba049e193efba63847b77f917eec9cd2

SHA512
d72ae9087cd8a3c5257e719db792b42bd61b73222453c7b8964fcd2d8d81d1c392cc1df6bddd0fbfc42989a7dbf5e5db3eb569b29b875ace7b9b3792f54031a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8d7dc7682da60f10ef9f4ca1c79a6fb

SHA1
6f3794ede977e7510c36a8d0995d4ced10c7e09d

SHA256
1f864603612a427ad65d283383496b16fb6c95d4902401cd6a29b49dc738a951

SHA512
9b81ade8439b942ccd14b64f68760f01843206d0ece2ee78ccf6ecdac5ab9cb56fc1427c584857c99e62c9a7ba4e7fe0a9c510f56608a818b24be0373f35eb6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d01cb8dd4fb910c30e0be51ea4ea4a6

SHA1
a7245a4f2c4a078b4a121eee949253cd900e8bec

SHA256
01b5b5387feef6e0f6051205366bed4565295ae2196d18b0cc1f1708dea78322

SHA512
9f95e6a8f3cea858b0e0aba4c7f4de6a2dd893e7c7915d042cd63cc15d6e6ebed918016535e3f111d50f25523ff03e5ac9d63d0404c6a0529c08f75debdf3e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
507af034c7e5c6f32e864ed4dd6f30dc

SHA1
56ad8008f5ebf52711603b91f8d4d4d35d2c7fa5

SHA256
b83b2b8a4060069d212f401289b60b5efbbe33de492b3ecc5e9f2622ef015834

SHA512
f8fdbac368fa69fd07329710af8fbd2cda1be74580ac9c3d803a1a54e8e2b366389aa374bc3769072677e97ffe015432f5d9d9557baf9ce82fe5273e9fa4b3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
097a6d50c9418087676b2cd896371bdb

SHA1
af76ba533de85e681d0d05a96ebb19b6e14f85b3

SHA256
834b7eaa1d9e697326ba433f366c2be2b784d50a951b68a14591d7dfcf577397

SHA512
92e7f68a3894c9bb8a23f1d2727958f16f729d3fa6a2fa2a926570bf917d1b2f1e1390cf3f5ede2afd0c3448ca9f6f9fa8209d02a6824d8fe0c8f90f08d06099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e346ec53b6a60b1a0bdb754eca5a8048

SHA1
ee406b5824c2ba542fdef1cbff8efc911faf9300

SHA256
79d4c581f36737463e00ab40e66896350f1fbf4c38ea27eb3fadc635a139e82f

SHA512
0aa4a378e4887e858d370a0c4a889a7c4ff3dedb5cee7114432defb82c4efdff8ae33b922424c938f8af22acf34043e059e7a23f011ac7581eacd0173fea9603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90dc61ac86744376dcee67467a919365

SHA1
f56f94f8b0ea6412292c1f9eae5d80328707f187

SHA256
1523cbc9f6e6f7a613213fb5192778cd842d8bd73bd56acd1dbc1522818e5923

SHA512
3d65244e6ec8dc7a2a43e9c9810431150bb8c1d018313287e7a7c63ecfe0b926657cda561904c12088a180958b403c37a09542e5bddafa2c61de0b9158e61e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d48274cff81a97f5bd990d5e0a4ddec

SHA1
ca7c5bb4c79891fa80c027ba5cc7e2adad6ca86a

SHA256
8ae7b51cb1c0429f62803511607504056df054a20bf71a164c440a08f5c54a47

SHA512
957d15f64f274cab1fb783a54c7b87c97dc7c27f3943ed0712d088820cb23fa6cf5e7b9f1397cc48acd66d3c1415fb0491a0c3cfbf9e8766a48997ccba68a1cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c84ab0bd6927e8eaee646c02231c9af9

SHA1
22a0f4b5ad8a5a2e7d35b1700a1b6127029ddb73

SHA256
bdd5346c09a66816db0ea872fd7e21018cc1432fca9c28fc8b27cb00a9711d18

SHA512
e455d9bcd5c89e18dc026d86b9fa84bca741a8c125ab637da7b7bd7dd1eadab69f0d7391dbb7d4380682412a37dfd62553d4fed89eb132fa07b80672a62a0d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8504234b12d94d2e732d9d16a79b7b5

SHA1
8528b37fb6162c6b97757ff9ce5118525b35236b

SHA256
1dfc916800dd40db0f601252d8811d3525ee26ad5a6514ffe8c9ea1569becb53

SHA512
47db53d53cc335834973215d9e7bfdd015d37261d592a268ec21392135e6d8a7e191f1743553d9647e818e52093dee8bedbd401521650a63c66a7e8c44cfe64e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54ba47322925ba1ba779a5e2c5b73266

SHA1
45dad56151bbfec4c5a354845333c05c3d343348

SHA256
ca982cb4c5923b11d71f0e34f30a2c7749c4aed70544bf754b1b3cb45de9c498

SHA512
d2270ef6ecf0bd2b221b19ac9f6c08e7ae8070468c71f8737d86b1e5a7d4f9cfab718454c070f04e8f6ac13fe2d87ce215dab5b9d15bf974ed65b68ec3ba983b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb67f111725fa063d0a583de29cce59c

SHA1
1d07c67bb4fbeb6747c202ded407bb8fa11b0331

SHA256
3e9c4a1ce9bb043bb6935a3ede077862d404edf5b6198a336cb441e5a708bd98

SHA512
515c24986a840f040fd729866d46256b32f93838fef8862e4980ad24496a5cf31f839a51165e990ec24335c87dbad920431f1e31187f1ea59f890bca168a1d3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41030dd1d3a2792372f2b624068a6b64

SHA1
327abe9dee69af967749e11a42d77ea8b6210a73

SHA256
edd29900dbd63146ea84bf258b5f94bb269797c67e4abd6f5f9b95f278f0e375

SHA512
406ffbfc767b4b555ae3db40683febf0fb658ccb4e4a77b70761b8c94d99e0f1afe53525ca745391b05714e4ba3662052658f090b89af2921b8ae3aab0318b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1AC3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AC6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit