3380cd9e59e6ce02dacb965f7c2736c9cf303e21e198782782a49ac8b889c3d5

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4857252f2731ba8b4a820a3ac5c672ca.html
Size

3.5MB
MD5

4857252f2731ba8b4a820a3ac5c672ca
SHA1

2fbd82665bc58d911d62145fa2878fcf1fecfe1b
SHA256

3380cd9e59e6ce02dacb965f7c2736c9cf303e21e198782782a49ac8b889c3d5
SHA512

4de4d1f3eeaa3bf38d9fbe068aadecbfa5adb3861e94d5409a4e22acaf88a1699e3e16a0950608b30418abac1920d682f3ff25433c622ee70dd421426a4691c7
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfv:ovpjte4tT6Nv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410346805"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000617fa4c7c90ceba0727738311434c3b76412c7ef23fb1510c45b0ece3b2fcbb6000000000e8000000002000020000000338c9e08c5925410496d96bf437fddaba6d760798b4ffc71ffa7bde4ec4d1344900000007c21d0c25ee63c353f5c7bfc9a450275c9a96c24786245cf7e2daa03577a352b20030c4e585d22a16a2b5d39cb6f6af77d0091d24bb5a02b55d4532611ffc6a1d0cfcd1c9f5e2f3309e8035429e9f1fc9cd38812031c872574fceffaf8bc039e845d9a7b1d709443c20d8da9f2c01d36ef58d4ba51cce3f7f9bd4a1fff689ae78ca620dd64373a8653d88cc44466c59b40000000693b6ba797b8d57a2da1b94acf94d4c2981fd71d9e09f684622d8c7f3d2d77e329db046054af1aae934822fa09c0401e90bde56d6ea71fb793011858a0e43b6a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000005ab897da931787b5b3d4cd2ea2350b02473cb3e9c6ee3888ae51fdddd621fae6000000000e8000000002000020000000c9316971bc720cc9159fe0941323869d9ecdb62d33805ee9eb2b580a01cf417e200000009ac236ed94f2d980c31d57c59c853ea126a3f981321f8ab13e198d0fc38e856140000000bd1bb8555fa5273c4fa8dcf6c6387913c46d313e05a9a62841129ddfdfd9ce8671a3a6eed55d6ef5a6fda054991bcf3b855929e6c2c2e2d0f420b5e54edf9246	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c09754b5573dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3EBA571-A94A-11EE-8E99-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2668	2420	iexplore.exe	15
PID 2420 wrote to memory of 2668	2420	iexplore.exe	15
PID 2420 wrote to memory of 2668	2420	iexplore.exe	15
PID 2420 wrote to memory of 2668	2420	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4857252f2731ba8b4a820a3ac5c672ca.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
607604c0b652308150d0cef5b537eb92

SHA1
4cd0b6d79369958ca9192d2067f2084d60b89d5d

SHA256
fa4b0a1cda4cc07247f9285511d1be12685132eff8483a181cbef751d0bdc654

SHA512
edbd5320eec01ea72f6c702a64e9b47d679f8b23d25293c454c06f81e6456a911a538abad2f0483ec73775ef87c9bededacced7dcad1f65767e6148bf42639c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7564d5fce51705f3f554d84af55a7a3e

SHA1
45b7ff9027d712d341c5ae6e07d96c9fe68bb92c

SHA256
19c6db246b401fe13e1f0c8f5acb50f9fee0637dd1fc4c181a53e56e531f0b64

SHA512
5d3b4f5f0dcd553569a695b77448a077f57b2365212f9c612faa7f14bb6897ee63b3d97839b1344d0b8836be55e82a063dbcdc19cfef4826e82f7ce9410b30f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
995ce24f642e8097b24f71a5846dbd96

SHA1
9e91b96731649560ca4484e35bd8ecf5a0aab599

SHA256
7c72a01e94fbfdc7864afa3bb653d4fc9fda3a2f4c5090cdea01071a00b77503

SHA512
0d506440cccbf8471ea2baa1bceb712e74c3b3861ac440ad447ba9e92bef2eb995bc463bb958b703f2bf65989cfc944ab13e43bae0e0d4f4ef4441f05f6e1320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
075f609664c7f02b0a2b573a4f0f887b

SHA1
74dd8d07495481c2de362ad3d7834d4a0ab7f6ab

SHA256
55918f8221457a13fe2571aae5f0729fca4e5245660a74fa969100bc8dab78b3

SHA512
79f4293db4e01909602cc936e66576c1cedf6290033204eaeffca7979ae3d441121883031622b358f57a240b7700933ccaf9dc52f869f2eb0ea462895464fbb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afd131199a9551962080addec2bf1052

SHA1
fa4cdf3da41542200cf0dad177a3a6fb42b2977c

SHA256
e264a00d6e1f5777118f5e9e05352bc9f0ccc299bfc36addc18330b8951eb243

SHA512
7bfc81fb16997577443029d394c315f288368c3f30e49364ee71e869be28fbce8f99379ded6b4299bfa31f19e23bdd56d69e82a7f3cbb89804fd8743135e7d09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f6aebf7e214f53d379dca6c722aa6f2

SHA1
38c8fd0e364993d6227bab46b79de850e20d54cd

SHA256
2c762072c294416d7b340b5835e3536e1abac172af184422fd98ff5c8c079e7d

SHA512
88933625c9b6d3837399036bb94576ba6499855c45f04bc5becccd475a7569ccbc64dd7e1a734bb23939cb8dc60bbb87455725a6f1e9722b6de7d34de1022788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d75491696086cd9ca402e068e6410b4

SHA1
e55af0d1c6120c7bae0b1fdf0152de137d88c149

SHA256
e9afc381c8197c8f27f44e8ce29753186589c114f9fd4e4588e357b1e48b6299

SHA512
b86c77b23151a1baa50e113c4105852481b079ace2e5f392b0f8273d9d99856ce29e93c5e8c03b497255cc9052473307fdbc94a806fcf72946def95c48800192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43a1398bcca0164b6bd40f4106e74193

SHA1
51788bd3756ba5440e3fe4ce3d80992ab2153a48

SHA256
85e395753d43739913e339a35248b4cb016fc5b9c8b5fba7bfb901e780e17661

SHA512
41845e32c17643cde25e5323b582e32ed66e8de0f9c583d04c0215a3caf0fd528e6fe6a72ef55ea383129d797523eae9554eddd4713667b7b83631d034d8f057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db5dee94eb947bccb3d7160b1d732429

SHA1
a5998759bbd2d3e1a939d434aa6727c8d4052735

SHA256
47bf54fb2dc6bc90f037d80721d771de64c115eed133c6915d818e4344fe6050

SHA512
79731015fe79bf9ccec3fa9485fcd65969a19c83245d350f6f4726ec401d04cabd3cc5460b561c519fdac5ec1177f59ce6f8be6bd5b1fff6eb16b46384710717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d38a80cddcb743f2c002593a569ef42

SHA1
66d30d337b6f42d158f123f54764123846cccb41

SHA256
6516b79ee8c229ac180d710dbaf2479eb131505b8c22576c64d171ae7826f230

SHA512
b1119a2e6553a1de913dab2358c938b2515f27afe98c641204b15ee4279df71ba44193dadb64a0efab735fdc9d11ce26b5bbd62dee4717a0b1bcfd1dba1998ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d25692030d1202dead27236252df49b

SHA1
526ecaa168a8ce8db6b65ada518b54b013b1e265

SHA256
c4b234a5b3c920109d20f00d3fe95888c01c11cf1b2cf3acaa92b8fd76ccd61d

SHA512
23e18a8e0a17743d73d3ec98be6ee4a2dabd2bdf1922e700e9c103e93f7dd3bf16f91f8285e38a04c0839ec51871f9f134b4efc7fbd14ca2c02e250c1627680c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d1d0de6ad40002b17d5dd856ad9cc20

SHA1
f8dacbd6dcc302e68cd4acc29505689119688e81

SHA256
b8f234910e24e0571ebd01dbc9c43ce182035dbf56a19bdb3fc6141dc06b0050

SHA512
85201aed0cf3cf44db092a3d414b16f744f6aba054360f8944803d9e6b961806cf0986280651f7bbdf99ab5379ee893b851ad73acf89b5f626d755931a46aaab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdd3c5c317f82ed04a2174354a5e3c48

SHA1
c32b82dfaef86fe21555436fc9f415d4fc29c3aa

SHA256
4f8bb2a29eb73d245ec0093d9753c1515bfa5c1cf28dfd5bdc262a41c2b81d84

SHA512
36ebfb01208c219f316ca1609df081c68848252990b2340aded59e4bc8ef259ac86e4a561bea192feb09be9a296b9d0d5afe0181a7fb7676774dea58a86e12e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c4a31a0cf2a8d60b53383eaa6babc42

SHA1
815233a17862df60fda9445db92fde847f201fa0

SHA256
0f0289998f22d2b46a0e279f9b6ed9fbf827c5d68f4f089e9382c3242691834d

SHA512
76e20a4386bf0785c459193d22a878de6d7992a534482d301bd4cfc22429204d06ecdadee72dd188f962de6f3a8972d90e1adf0dd849b8642d70c451a4ab7c1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba6250b478fb7664c301bc506bd3bbf9

SHA1
574996aa8d1f6fd363b664ee7dcbc55c4c59518b

SHA256
cb44aada23e9ed48c5aad2cc86a989657a19d68d8c80a214146c22f2d6217312

SHA512
7d6a16fb10f00b7d4d57979547552b3355e5a1eb51ed61da160e714eeeddd2cfb0760c6244169a4e3c37fb6c1a96b752cd9cb0d51d9049f1cdc3621078eefad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab15A4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15C7.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit