c0c5e65386921e6adde3634af0678e98e073403592fc12775cb2f27ce8cc57cb

Analysis

max time kernel
167s
max time network
185s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44f09998b13b246972c13dace36bcbe6.html
Size

112KB
MD5

44f09998b13b246972c13dace36bcbe6
SHA1

cfd7ad443e8f3c0a30867a5ae9af69c94add264c
SHA256

c0c5e65386921e6adde3634af0678e98e073403592fc12775cb2f27ce8cc57cb
SHA512

f2c5525d0355eb238778efafcb75bd9548239cf1b396058d3f1d2c889f0d3f9a03293dadefd68d5af936684bf6db0a40ef4077c83d120c4467fee5c429c56e46
SSDEEP

768:SaC587HCOdtNqgfv0akxZU5Vos0z+Wc4xgitB22pVC73cai8nf:SaC587HCOdvfv0akxZ0/0z1eitFVwR/f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000003b59689b55dcf4035f6a2f2126680006cff8d1bf2a0ec39667d2833254732fa4000000000e8000000002000020000000970bdb9cc6fa2668fb528a5219bd28207907d7523739e52b55a06b15a86aba3f900000001abbeeaaaff6e0d844949e84cd172cceb1b6f3cbe0370a281e861831816e79ac3051b84562bbe0b3d60cc625ba5ce1d31a92e910276712bc3be0d5178ff7eb223f95f489d074d259530b9838109ad2de055434d05189a77929fd34bf8be1ccac5e64509a71158cb2f5f50fc31b23fb37fe4ff6473777bc1feca0987a767eb45915249d7a878d0c4ae7766667d3d3c90640000000282a8ef325f9452e8da814c9b05bf0f8c8f5c165975b6912bfafd89327fa706806af588b0d6a82bf2b4ef1b55b312625fe696078984dbf1c4ef391fc7b3a9bd5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000768dc2940a46b911dbe7f1eebba636894f4f9878e1134722aaa4f23c501389ef000000000e8000000002000020000000df93dd394a3f4e0efdf426fcdc1f078269be2f3119835a316c0baa89a036792b20000000869e5679400e34a0ce740a52a23f597730a651966fc9342b97a66b94f67ad3ee40000000b93e9ce91b70840dc3ac4735a8b3be9c4b9924f05818c3da506605b76cb6a32943eb26b54b0011e0d10c9022789b2d3606ad82086eff153aca7d5b5245d49bb6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEB7FF81-A450-11EE-A1AA-6E3D54FB2439} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20bc4da55d38da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409799627"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2576	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2576	iexplore.exe
2576	iexplore.exe
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2616	2576	iexplore.exe	18
PID 2576 wrote to memory of 2616	2576	iexplore.exe	18
PID 2576 wrote to memory of 2616	2576	iexplore.exe	18
PID 2576 wrote to memory of 2616	2576	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44f09998b13b246972c13dace36bcbe6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8934971eb607b62bba59a4b4b8d206f9

SHA1
45dad1ad9d1954bada98239b6cd03b3e8dec63ed

SHA256
38ab2e0117dd870049a2168207428f2d13a7e87e21fad76aba367be1626cdc84

SHA512
efebc04093dfbc61781aa4f2d52d48c29270e990e59e3421d7620ef49cc7c2d2807b946197bf104f987cf36db08a0eda3eb19d25cfd97cd8d49b595331d9a59f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bc8a11b60963427614caf96104e90ac

SHA1
605d75c6e9a7b0d105805c7dcbeadd13cd5ad99c

SHA256
6fd6cc8c75cefb6ec8eaa45baf33e3eac0439e0bbe0142e627f95a5f48503156

SHA512
ca9bd62ef9a6956ecaabae0e1f882b1e7950202c0172d1a44e0590c8df18c21f62aae21068ce67005eeb87938bf033d1738368ae058ca2969b24b00710c2c6df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95e39b1f57f43fcf1426d2f4d5598192

SHA1
07be90a285abe5d7b1865334da7de9e7d3e48abb

SHA256
6ab776da76e6e038e2e8761ca5b3ea165a0c184845833f4342aaa88a199f69c2

SHA512
3df63d087a7c2ea159a2262d109afd1e8d057165a82df89ec491309ee6f06f45450a927d141db45254866df9a638ac26da11589dfc9d2d5850e098783c3df42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56427addd55691f7428cb63b9b76f18e

SHA1
ff60824aa8c62f8300f588f33838b2bcb6ba8872

SHA256
86e022edade39591786664f5a0201e0abd8e3cd10d9bce41630e1463b35fa70c

SHA512
4753dfca385e11f69b28e61fdbd8198384c3de7815671d92196819dca7f4d168b5622b7966a62edad51167b26fa833eff6e8daf50643a50f08a938fcafbdacab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58a032c0e1332a8f5d80f5eb98a0a233

SHA1
f9a8b3fcb306966f75b11ad58f214a94da87d6fc

SHA256
45340a0e5101a414b361897e919c1263dbc8e80c051c43fc4f9bc979bac977ec

SHA512
963716140e14451162850ed27f2983793c5023b2ecfd91d3059771c15a96b653c64bb98d59d69c40c16cf7cac8387116fce1b30b90333c6986ebde6b124012f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3ebb6ab64551f56cf2064241d4cc224

SHA1
a519acfc06e8274c374c753c1f6422d85ed3b6e2

SHA256
2f3a14f7752feeb043c1dfd92f8f9be5e6556e0a17c74cd03b760fa87cd9bf60

SHA512
b95822909f669e39caac2358d437e16c2b0bf4eff1db5e7b67ce84fe1822a3949762ae3a708f82410f1b700eb1d87a2a886d6909743c6545b5069aff1bad809f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a9775b039b1e7a8de18fcedfbc7819a

SHA1
b7faa33a8496818e144825c565f236b33c548f76

SHA256
9b0a4597716c6668e7e91cadbadd7a6f595ec35fd86930ef0772a8abd8c4655f

SHA512
666a1902f92c364fb731e04b6026737498e5b99b332366a09e8a41e7cc70250f5f8ee70da4b1dffb4ac26f7c25e8e7effb5fd655b6a4ace7665d8c66b6f7af04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81fb635ccbe9d75fb61fb04ada564b32

SHA1
028f441a58622be321cff30b010a0bc94a934b0f

SHA256
bb5a07b6990e13d260a9b27034738dc434703c817db90351fe460edd4cfa6a3e

SHA512
a643bb61da4f8facfd57bf677af7313ebe3405d2e1a85ae482edfcdc58d5eb052c3769d1642ad2ae2191d6fdbc8495574b78ee9eeef1205ab933065c2227949d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0afcae2422fd32548b5e45bcbe08599f

SHA1
b6196a92b180da589269717340d49af2e7ba883a

SHA256
782cda2fbb603ad3f7cbe44ebf19d58c004970efffc40186d7ac31bead450d15

SHA512
7eac4dfbdf4277cbc0aa80073c00a81fafff9977a8e0b342aa3a776f3229c7ec7ed84b05b94a5389a7f0c93dd6efe763e7ecdb201747cee44448fcc008952f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb51b07d7052e8bd62d9db577ab8f9d4

SHA1
40599cf11d839c1fd934a4bbc5336f21467bbee8

SHA256
38f11cf52fc56143945fbdacb9a711b32acb5c428e5a650dbc674c4cc76b7f53

SHA512
eac59ade0ed2e4cf5991ee0b0fa6ee192f0dbfaeb2a55894bd918549d71203931bbe307d906dafb39fd61f6f3c5b0421af9ce43bc3edb1eb767410637af6750b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c3ca9d056093caae694032d81b32e75

SHA1
2cb670e055678c1cab7f6b57f2b3150138e41d26

SHA256
0671247800bc71230490c6af2e75d02345607eacae7489f7f54d359017d01b92

SHA512
91e22fe2fc6d1e92e9fd44371ad378172051335b1c390374621b3d85bcafc2ea5dd87aae942785a227082601989257eb027809cb563dbec21dc000b25843021e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebe09ef342171e2cd307c4872b4ceb21

SHA1
829adb8308658aaadbe5fee35843692afb46fbb6

SHA256
618c1482dd733e21979cd4cee8f9b441d5f21c80fb5fe6ebd58ff40c459c0825

SHA512
aa1b09d8cca34e89953eac4f869fa972814a7b4f7e5613bd85c0b3ca87173500a7fc8b36307b1bf5b5d75c29b243042ecae4ca6c9795ae1f3bff19a5ded2a14e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8cd2d2dc2244167988df5fa082e0006

SHA1
816d698c9dc22ec80f890c0776dc77602a1b210e

SHA256
91666dd32feecb1d5a7600f8f07b2b4debe6a03bd2a545e70d4a27c739e9ab45

SHA512
2f358fc9c5ba4a8077d45259db1796630737a24b96608e60dad913e442e7697393b9100d770741f853422412251136f55b7b2427c222c6c1a911846da6343299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ea3bea811c1aee016cac3080abc0b39

SHA1
e1d1f0d0b1b5722b53d54abe332139a1f2680254

SHA256
987cfb608ee0c66026ab9377e781da171bbec460b479141452cfd27db9e25cad

SHA512
14eb1a4faa90a5ca884f382d50e87d6f42f2719259de09be145f9eefa90caa5012b4d45008f98318a3ff33fd96408b6cd7ebf918bfcc79701fc0f9b184e5dd76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7b17a4262fa6de55d877360fce4e827

SHA1
c3cb7d656876ffc25753f41ee48d6f3ce20a0745

SHA256
73c26d19bc7212bf322069b4412567ec31bcc8288ff347875015b2edf69a0b87

SHA512
d180c3f75b0649a1b2640d0d629e24846a57d201d7e4184c719175f669fbc29c9163c9f7ba34f9853b559496eb4567e56a39996e8038f8827ece6c35d27c80ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAEA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAEC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit