e227bcfe1c1de020d2a9274daba4fe3d6b63704223627ab7bbcf0bdf9aa291ea

Analysis

max time kernel
55s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49eeabc402494114e991a0105841a419.html
Size

6KB
MD5

49eeabc402494114e991a0105841a419
SHA1

bb87182e7e38c185e864d04461f716da3b1f218b
SHA256

e227bcfe1c1de020d2a9274daba4fe3d6b63704223627ab7bbcf0bdf9aa291ea
SHA512

1c358614493fc73a742d6b78825226994be4cbb8907a5a13c73e6b92830ab74188c6a51447ff18bcae047732e8a9bd9ea7d8cbc3b47e69b14fac8d10c25c22e1
SSDEEP

96:uzVs+ux75QLLY1k9o84d12ef7CSTUSQY/6/NcEZ7ru7f:csz75QAYS/n4Nb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF37C111-A464-11EE-A5DE-CE253106968E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2032	iexplore.exe
2032	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2280	2032	iexplore.exe	28
PID 2032 wrote to memory of 2280	2032	iexplore.exe	28
PID 2032 wrote to memory of 2280	2032	iexplore.exe	28
PID 2032 wrote to memory of 2280	2032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\49eeabc402494114e991a0105841a419.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6d87a72e3c67b48fe01092f3cf36708

SHA1
9980fea10d6387dc1a0cbb5da76a159f85f7ad48

SHA256
f15a9dc1a0e49ebea087be67e448f9307db4e0ab06e503ef5d63fdeed3c3cba5

SHA512
cde016030b26626aeb303b1516951d1fe67f90ac94464b406dd9aa89def5c6f9332dce5b5705b6ef69a794ccbd800192629d0658209e92523d6ae4fc17999638

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6887409b8aa59435c6c0ae3f1107edd

SHA1
9485527f80e10a185dc38b2a2edc157bb3d12531

SHA256
3dd35505838ee74e8f48f22bb49ee371897a94c4f12812d5b7badecdd9b23171

SHA512
b773ad5d1bbc17f376bd0e4ca7d07dc4bc4310b5151bd8e236a5c43b73c5c14a0a91728dbcede60fe2a97592b6024a8fe90158e845cad224555bfc6f4a70ed20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00fbef5a398eb7ea0ad872b4938b672a

SHA1
11300e94949dd212f8e756f1cdbcfcce47d7efd0

SHA256
f941403dc2affc78a61fbaca2bf47283bd0003d986d56d863eeb2d67e1977a00

SHA512
ed73ddb7826249c056d2c93e78a16d2355b34b0a06608c9e5e99cc3c3307ab6247aa65c78a2b5c6bc034d14f35b6383988be0d5ae07b42a66ddf9904941da238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ec432dbfb26167d9f9c0368e07aefcd

SHA1
8ac1bff35ffce14549744be47103517148a3a462

SHA256
a7ae6fd160c290a85880aa8423f301cdf11ca30c7472a68b4777bd01f4fe822a

SHA512
d02312699dc25ebde5b55b6661fb904076e3d979f304f0b330ba6121241c04a6ab0199a34b85f84d84e54bad8d5359d08309b31818da960e7b6d71223ac43fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c8f094b299e37562a0161d5cb410e38

SHA1
ed4924770022c60b2b1b3c403c50844308e012ac

SHA256
9afca5f29a2a90a14b3b2aeeea089963c1931fbf49a88a0c94e42b52c8b98161

SHA512
480eb1945008ac2dcbe2ad5975417decbe380c0629e6d6a2ddeb763fbd3ca6f01ebdd94ea17872136a4c4f6f2ba31ff3c127d5de79dd2f6d2a4595291b6a0cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
686e90b8b52efffd8e285e135693cd95

SHA1
f4adaa18472f3c916f919c90cb324353a2e4cdb1

SHA256
3682f702ab4e34a29f0a60f707e7b4a87178544886be3a54e875ebfe97f84117

SHA512
3fc102de5735bf1fb0d555c6accdf356e14a8e5c67b44df8ffe1972d72b6dc108be27cd8d179c25732dfde3987d0002078620d8a2ceeb6341a950955733a47e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66ab4b6bff65fd45aca18015dc3cdbed

SHA1
b700b0c4a3f6ae879f3d49a0f853bebc024c0dbf

SHA256
125046244c61ca39d8380da252fce35cb051a55f2e3ac0fe9c2ddbc232488f7f

SHA512
1a3cc796be5637c8c6d025946e04a87cf33bf999841b39110016aaca91046fc156ba3a9a326657c4f3aeaec8f6409e909b7867088cf98a241e7f7bf5417fc7ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8896c1bc81b45d2a32e36867386df39b

SHA1
b59ffc2414ff7c955382c388e2b8c661c619bb07

SHA256
54fe1741bdf0aa8fbbea22984f404e120ff0035cded38d93c8ee431d23c45ada

SHA512
36976497fb17667ea60ba1a84c64bcff457e139b0cfb3a5e5e2c0078524166d038f7c91bb9460bd5b67c0c911ec53d0c9932df3a93d72354a94e30c34d63575b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62ef736c97ccb32297246d39d413878e

SHA1
a8944dc707fb935d8750a08be10500ce0ba62571

SHA256
1134c59337db507e9869a57464a2a47a0daf5379e506487120165e6dfd2a30c4

SHA512
49e03e8c3304ab62a126dbd7903bf901ce0d1ccf4cdb1778510aee85a6a906df5d8682495610dc32a9c84974f9b60224808f4cbd68f2eff335ce538499fefaf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be6949536a3d136d35e6bf21f70f49c3

SHA1
c9366782f42dc5f5161e8b790a83f7978dc681f8

SHA256
070f19f57289c3ab7cc8600904f5f50d4ca70b15c87e3cf3aa105b60b8c85f79

SHA512
5eee28fbb5bca8b87bc419667aef9b87d636b8ce29a9579f4dc1b3361fccb6793baf4396437d46fa428f5a1bdde1c48f22771d5fae04eb2c76fc0ebc0327fa4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24c5fc961bd58691003c941d50d47add

SHA1
655c532c34b68ad4212aff81ec0fb21b5f8c6c93

SHA256
006b60f44e794a792e96c9043ceac53a2aaf47bbb261284f6fcbfde1872c8b70

SHA512
d34ede82a03d8cebd6c3350eca1dce511c4d7c12b6dca77c405311a83d752d7a9c2711e34606bcf6e8f892792a732d80d2671fd3b166e11e3246c779ec22b84b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4072c4fef106807fc2b3ca06a220ed9

SHA1
6f40dd2ccc4ba7a04d8880735f811f851eab32e9

SHA256
5dea76f71033ae942bff61f624988c32fad94b1fe8423a846442c65343f52da8

SHA512
0e63391603793be1d6777649baef509c55bec6f8a197c14da936ffe2f933463dd587ebf7a839a93648bc02c0ecabecee4ea3d81e0f95abf1777b60a1affb6c31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f68e8d2114c45a0385c4c27ba482e729

SHA1
794db68660dc92d9e615cba05682c69e0811c923

SHA256
6829962371664c1abda2ab0eeab6496cd7054b0b102b6f12414d4c4fc3b8d4f6

SHA512
b0652f4947bac51c315ba05153d29abe6ab0ce966d35304e728cae370ab8a0723ca457e5304e9f3c354794a69afb779e42223756e0b1c3866b80ba33a40e819e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF85.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit