135687178d1f4f3b4fa568c393fd9c199b4490dde6106e689aaffe5beb435a21

Analysis

max time kernel
121s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d24554203ad4db933d3c725c5129dc3.html
Size

75KB
MD5

4d24554203ad4db933d3c725c5129dc3
SHA1

3fe90de9c8baee61c4d911a49c48508f851152e8
SHA256

135687178d1f4f3b4fa568c393fd9c199b4490dde6106e689aaffe5beb435a21
SHA512

0f47ea0cc7c1772a2ed28f9c15cc71df8cf33c42bb51aeb9acd5477d28a4d553a359657b66465c2b5f2936c0f32a7573898d213cf7347267a2c1b126318fd8ec
SSDEEP

768:ZNCd+u4jsnS4mQwUl+2duD1NkI2UtBzoTDDIHnrJWQ:ZNRQSjrK+zrt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000008c52f18efac0183eb52a581954ce85fefadc2b8b403a87b593c46fb514ca1d81000000000e80000000020000200000007d0fe989c5e053e0dda35876c60b87574cc2b8c6d72cd2988ff66182572c4d76900000006532296bf79fdc7a00fa043f74aeca35a7b983ad2b42064ba821ae19ad81241b1a3dad7ce5b57f26b3638e7de7ea50f6ed70a0db55a3ce2ff6506f056a551d61ef919a35ab04355e137e208d6a1ca389e95ac25955f5eee60930d2e02bbc0172c020fbedf9547cec49591cfb772b00e3353aef789552d7583c70ff2f40e6bdc12fb425b1e127f1b372c43058935f6cb940000000185d09f837d933ed398f68a3b095d6774cb813ad95f3b55f92a1681ff6e5b62803eb21f319f97f39b732bb1c22206acf0e73e0903e0948151fb88b1dbb74a2b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409813961"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000a082ae6a769a88458f2a85d3bc29ded9375ee3c926533607c496b98ac8db9eae000000000e800000000200002000000075b784bd418a1a388ee1859591f02af10afbbac10de4825d4e2c0a409fb6ce6520000000d2227afd68ed613d70c7e7cade4b38848b83e5dcdc512c0f46b60c359f85da8d40000000b919f3d2e81122013f5fef69928a422d784d7cce056ded6d621f7751ba2db8503cbcb0c2cf94e7247078f84ebdc41fea9ebd424a09a70305734be7c282162ec4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d8de117f38da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3091A371-A472-11EE-AD90-6A1079A24C90} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1756	iexplore.exe
1756	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d24554203ad4db933d3c725c5129dc3.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
757a3b7a6dfe6b903e8288de8c0b612b

SHA1
8665a9111d3e8366d048355fa43729c1a93869ba

SHA256
94bf776e06071425b2c6a1739dc14956f13729b289afff2475f1b03e7518a8b4

SHA512
7641ed699ecaef2858f25cc5d59de1badb8a991648fe0f167273d35aba1b05ee065fdf9c77dbc15c99e86ea07726988eddd0ca27704a8a8b046f215ea51a2283

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a16e1b6941a6be04e75fc841c310bef

SHA1
b0663cd380488d09dd6473a5c0a0c8ed8977b314

SHA256
d84a5e459d254d5b614bffe68fd5fee0e64a94a6b1be546e25aa2aa56a2901bb

SHA512
a42b45d825a693fdd50be9267df7ba949c1ce915b8eb4f05d74f70551e8b486d255d5b66397e6e706bad0181eb685e1e8a2e65cee1d1c0e83afbeaa09229526b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29f28aaa3eab3367ada32e5f772f0614

SHA1
f71cce632e3f25e1fd08cfff18cdfff7e4016e42

SHA256
4e16b0741303d86fffee06205e318c44a512acf23ef9a604983efe3f00bd7c09

SHA512
3998537d5467465def60a26ee887f9cad17bbeb81939dc522d3b5f813e6c298cde0d5d03736a7aa2f8b5d5475f9f0efc63d486464a4edc1ffbdcffb7fc351888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34edffeda2a0095eb79cf0d683329fd5

SHA1
fc259b41cafc70857d5b32bb924c001cb712a5bf

SHA256
6b2172a196da21c825b688a196c648b4b4f7d298d45ca2c4b32678cc58679313

SHA512
3e17a29cd4a54610edaf1527621be913b3d8ab5cdefc9dc36e74f567adc41423d877aaa707430472d69c4a361bf0ee7a3334785b6b026cdeb7ad27cd04c89fc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74f3b78cefde8d9530309f57fb7323e5

SHA1
542c0c34e1880269bc50ac143bd0a156e56f009d

SHA256
fd39bc4ae0fa2d83446013bcd81d5a2a3410cc8a793c251d171a572c182aa495

SHA512
4c941c22a945eac94a354cb660f2c46b3684d32ab662e98fe13c3eabf7a174fd8595f3fb4e37e8c8d677fc9747204104a46a533b95045861833b19b9c4e3e1d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19f8c5de1385df43b8b88691fb706abc

SHA1
789dfc694366507b85cb6fe033c0e0acffa02ddf

SHA256
2fb53a9635332455b179b76448c7e0950766978e55e58657057be33ee7eae8c8

SHA512
439fa48e83c411507eaf51d8b1f2eb44b0e442cc4e53ecb85d4c9199a51f2823a357b0324696ca6704c0e650353533b5f3bd031504a40fd0fba718252726cfb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8822ec0abc9df46b4f0e578537170554

SHA1
49789834bfa03000836341cde70dea0777c2a270

SHA256
4cbfce1e23facd05ad1d82fb3c84f4ad37098c91ebf97b12ba27f2034cc08960

SHA512
c610a510cbafffa918e0da5b7053e983f147187d6a605ed8e8147c28ccc9d7b9b8c9200973848fd67f0889f528c287229e85ac1893395d8502632ee21abb3097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb73af55bf80d5adc18398f5ba6323f2

SHA1
9428ecbb7b7a5be5a543060df030450b6d2d45ae

SHA256
c512e5e21e5574359ff5e0ba6d5e6c936b4efe3c0455f9b8d248e226ca0cc10c

SHA512
b1bdaba7e143446063379684d6e63bf03d1afb18c735c04c293f315c3c756f14c5c4cb337146e225ca1c72dd368f4515773ad958619242cac60880fd5570eca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d75580a572b8ea76dc3910ab4ab0ced

SHA1
0c920da8fdbc12829c9bd43248c59ba64b7748c2

SHA256
1b25290790c797bb0d3dba8613c0f5ba6955199374f106425a918253a7844839

SHA512
ad80cee02d441b3761c0a017fb294ebc3a5d066dff7bcc1f8b094efd1da73e3a80ffefa05c510e3013c492143f9c1c955974467cbd4c9f94e5cb2a7c1b409f71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6a3aa767382a5209cd3df9e919f1b1d

SHA1
aa60c216bc58424d0a5eb545495232bd4111822e

SHA256
ac16121ce4b6ca5ad310d1a6b9483baf69a58f0a6aeddd7bb765236c6df3cc51

SHA512
d7ab6f1764747cb4864759d2263b3f6d7b0b74f80ed38eeca19c61b8ce82a23f886105fc9a2f21eee12661321805f9f7970708e86f1b60cc1baaa33c0742a987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0464cf88e108165b244d094b5a0bc02

SHA1
3a34945da5ce9753ea049e731987a25e9fb9e739

SHA256
9865182a35a2af4d7f57138f4c493eec48e807a0c8535d6b1c3a4346601b802e

SHA512
a54fb2c476105a022ac29b980d0df3cc572927222ab12f2b35acf8395a810cf85e3fc21452665936bb6a0ce18c589c072a4ce3917a139d0cc2e61a10727d7409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f8d3b6b88ba789ef8e2898cf862b2a2

SHA1
e44ace2e131f51c5a063a545ec2bd0dea51c35f6

SHA256
a7485e3f8fc6f0362b2ce74023b27267faeeaca79b10d99cec9c401fa6e36316

SHA512
a8ce439ffb4abf3831b1036b465760a77fbcb1bec5c74249e42b3a36f4621ba37bc787a9fa8e8e237697d444696cea0ab0dd42c71e1912b78c37f8e93d5aab41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fa66e35cf1e29d9afffdb00790af9e4

SHA1
380ebb800fc61dff6bc7bff3ef1c17e54b88479b

SHA256
256a2eabf21caa3ba4f5db6f072d8a7dd5d75ff845415a9f12a254a97bc1fe3b

SHA512
67b3e0fc11967de9b267d861ae227ebfdb67654e57e98665612ee839752f5eadf6705b8de41f341e04cacf97176127f2e3c1cfe5bd4227ad23cbfbcf7189aeb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6423c4820cb6664ea2249b5aa0beaad0

SHA1
ff5ccb4df9da022d53056ebf8d64a47ef40df16a

SHA256
bdefd1545e67998b1fa1747971dd68e9e39a347053e2172a20074210a40dafad

SHA512
7cccf7a1c8b11a03d5b0fa36a7fecc3ee65e1436646867d7f915d9f5cce182f3765b8cb89b8e47f889ca60443c9a7e0a697484469d1bd6a4b79bceb54a9c4b34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cb88dc2a43c162902ea1c9170e8ae34

SHA1
6bf0a0e89ba5fca3c632eae983543c1ee71dd42a

SHA256
f3d75c265bd6e5b4b5d2291585306c0dc5d3f633a04c9cc7f6b2065d7824ec95

SHA512
0942f115d33e21f7a65bc4d2511da5e140855b770bb2c0d9bb90c7297d6dc1b4e04c06cb41843e2de861f40986897b6aa47664e87546dcd481cdfe1d5927954b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4625e9c414cecd718a89e5d15d61e51e

SHA1
03017010577edf9a934138d15638661b98b63a4f

SHA256
303e7fe96faf122572dad382a67cac3294b7edfa1594121cff00e682745f47bb

SHA512
10ebcc78d86712fe1e6103d63f8aca6f6458aa8b2b4ce6cb21f67afd9f3f6f0f4d17e9e428db854e4db8d87634c503d7ab77589780ddda56e47e82978db48381

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8F95.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9014.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit