dbc9862154424130e0887feae9d417daa1e1fdb349ad7598eca5cfa15cf081e2

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4633fb742da414e8a7c269dd52729772.html
Size

20KB
MD5

4633fb742da414e8a7c269dd52729772
SHA1

9474c699126ebbf73afe109490b6c15cde56dabb
SHA256

dbc9862154424130e0887feae9d417daa1e1fdb349ad7598eca5cfa15cf081e2
SHA512

7fbdbb85f290907b9c2a9675b18bc90e501f212babc33327b93690372857ab07e0a12bd376e1a405f45952af00e4d42164bcf659b0c9c222e80c079bd617c79e
SSDEEP

384:4+QfPFd9QZBC7mOdMWaMyVZuKfpC5IgSnbmFe7AcX28AEvBc60Vqjq/hHe7Pd:Zcd9QZBC7mOdM44pC5I9nC4qKPd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 507b92c66238da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000c4e47a4671e062d816f8447bbbde82fbd65bd9bc59edf2408c1a1333ecb7c4a6000000000e800000000200002000000077772e4c31452be5c183e2b9add7872282483a2d099b4238ba6b6124dcff4ae790000000f26fae669228ff19172a3e08b5003c05dba41d1b1e6addda41481564813f95e2f275c759a4cd30a52a35c7219269eb10e187caa5a416aa794f49bbe5371232f6ce3287e0fde3e42eeb7253d18a0ec1c6656e7a2e28f037692eae6a435a07426cb88869b2994f8d6276f84078bb23b6b80e365239663891b1a286231423cf48da8bf49165c9e050e599320e79b566132640000000c0d5ba7164866048db82e2b2c6aa2d033fc80fe698be4e1f6fb829a5457af504f10d2be016fa379505d62db867017d837c52fe1ac4b3c2be6a97719abe0dca59	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8FDBAB1-A455-11EE-8951-5E4183A8FC47} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409801814"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000bb953d83861bd1a7bda1450eb27031334d37d11111b12e5d58ce3bd79df7a542000000000e800000000200002000000026fa4db22bf967c43defcf97cf019d50a9b9f1a0ccbf4007380fa65fcf1e4eed20000000ae15a7e0e602891a0b4ad253f2453e77a9e061ffb6d4e484b7ddb8582699e73e4000000031af705310149d82999143a5c40d7d771ce8d71934de0c6f86f0352103a0928fbefba8fea53b1424a0c349dbb132869d5ff2c90f5e3d1448ac3c44ba44a9f527	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1748	iexplore.exe
1748	iexplore.exe
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1632	1748	iexplore.exe	14
PID 1748 wrote to memory of 1632	1748	iexplore.exe	14
PID 1748 wrote to memory of 1632	1748	iexplore.exe	14
PID 1748 wrote to memory of 1632	1748	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4633fb742da414e8a7c269dd52729772.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be6d056a858ab2c96c2d86fdfa276ac0

SHA1
9e54e968ba4038e92c81df5c74760c8d22ddec3e

SHA256
7ef1fd314f80722cf45f121c4ababd1eccca0c2d4194532b665f0874a72ddcb3

SHA512
21a07c1cf583f42ee540aa07e079adbf25a63db0fa8e017d6f5600ee5100133cd4d00a9c68f39f8fc1548ee7c9ce84afe90a911b1c12e39babb78cab8ba90160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7e3d0e484aeb5f7c254d18311567379

SHA1
4a4989ff712860e76b841f7b8cbc4cddf8f3b75f

SHA256
92eebe349b719d7df14aec06a145b6fcbbc1acfa7cd50570bb2a1d26379370a2

SHA512
c47ab739ac394b3a980c92a14f72f72679a932964a5c96e1c1b5f7514612148a29e1714f3e28a5d873146cc960a2506b52f958b6ff0ebebe8db54c6ce606a81e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59b9a1511c32d525c667e161f0ded9a2

SHA1
f2d7689204a1ad6db8d37710b85b3137764351c0

SHA256
b813463bbab9711de5dc627ae7da392e3eee4af1a222d9a3258d19524d3a89c5

SHA512
39a7c21d9e42e3cad3ea9f457c2ed24bd930902bdc25f24ccb4e216f088d8a765da921bf62f75d182dcc08a185860155df1890475db1c50345a9551343aaa4ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
569577dc20fd47ae375a9de3cc39e05c

SHA1
05900ddbbd4ee9700d17843f5b02ee8b0f997f04

SHA256
e8815bfcb08f397fa0347fe5100ba8fac426e48f639d1dac2ea34ab6a9aa389f

SHA512
3b43737785cd67a637d44af9d5e92b26227cf0f4f28e5acd4f6af49f2e7c03130684079850786937990e6f7606c1dabce18ed9f89b91709654b77c7e6fa49ca4

Download Submit